Mebroot.

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Mebroot.

#1 Post by Ivy »

Good evening.
I'm asking for help with the MEBROOT trojan horse. I've already read all sorts of guides on how to remove it, but I'm totally lost. The worst part is that I've also gotten it onto my second laptop (probably via a USB flash drive or an external disk). Can anyone advise? Thank you very much.

Ivka

Re: Mebroot.

#2 Post by Ivy »

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivana at 2010-04-17 01:14:40
Microsoft® Windows Vista™ Home Premium
System drive C: has 96 GB (64%) free of 151 GB
Total RAM: 2046 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:50, on 17.4.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCEM7SZN\RSIT[1].exe
C:\Program Files\trend micro\Ivana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ (file missing)
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0EAD270-4E10-4AC1-8970-F943C56A4C8D}: NameServer = 172.20.67.254,10.11.0.94
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10143 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-29 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-10 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2009-07-22 1411736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-10 279664]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2010-04-11 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-19 411768]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-02-06 509496]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-01-17 534648]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2006-11-01 413696]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"NDSTray.exe"=NDSTray.exe []
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-03-02 577536]
"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-01-19 1507328]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-13 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-13 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-13 81920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-03-15 413696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-04-11 1232896]
"TOSCDSPD"=TOSCDSPD.EXE []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-04-13 133368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-17 01:14:40 ----D---- C:\rsit
2010-04-17 01:14:40 ----D---- C:\Program Files\trend micro
2010-04-15 11:59:41 ----A---- C:\Windows\system32\vbscript.dll
2010-04-15 11:59:39 ----A---- C:\Windows\system32\jscript.dll
2010-04-15 00:23:08 ----A---- C:\Windows\system32\occache.dll
2010-04-15 00:23:08 ----A---- C:\Windows\system32\mstime.dll
2010-04-15 00:23:08 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-15 00:23:08 ----A---- C:\Windows\system32\iepeers.dll
2010-04-15 00:23:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-15 00:23:07 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-15 00:23:07 ----A---- C:\Windows\system32\ieui.dll
2010-04-15 00:23:06 ----A---- C:\Windows\system32\wininet.dll
2010-04-15 00:23:06 ----A---- C:\Windows\system32\iesetup.dll
2010-04-15 00:23:06 ----A---- C:\Windows\system32\iernonce.dll
2010-04-15 00:23:05 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-15 00:23:05 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-15 00:23:05 ----A---- C:\Windows\system32\iertutil.dll
2010-04-15 00:23:05 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-15 00:23:05 ----A---- C:\Windows\system32\ie4uinit.exe
2010-04-15 00:23:04 ----A---- C:\Windows\system32\urlmon.dll
2010-04-15 00:23:04 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-15 00:23:03 ----A---- C:\Windows\system32\ieframe.dll
2010-04-15 00:23:02 ----A---- C:\Windows\system32\mshtml.dll
2010-04-15 00:21:49 ----D---- C:\Program Files\Seznam.cz
2010-04-15 00:19:10 ----A---- C:\Windows\system32\mshtmled.dll
2010-04-15 00:19:10 ----A---- C:\Windows\system32\icardie.dll
2010-04-15 00:19:09 ----A---- C:\Windows\system32\msls31.dll
2010-04-15 00:19:09 ----A---- C:\Windows\system32\mshtmler.dll
2010-04-15 00:19:09 ----A---- C:\Windows\system32\corpol.dll
2010-04-15 00:19:09 ----A---- C:\Windows\system32\admparse.dll
2010-04-15 00:19:08 ----A---- C:\Windows\system32\imgutil.dll
2010-04-15 00:19:08 ----A---- C:\Windows\system32\ieakeng.dll
2010-04-15 00:19:08 ----A---- C:\Windows\system32\dxtrans.dll
2010-04-15 00:19:08 ----A---- C:\Windows\system32\dxtmsft.dll
2010-04-15 00:19:07 ----A---- C:\Windows\system32\webcheck.dll
2010-04-15 00:19:07 ----A---- C:\Windows\system32\msrating.dll
2010-04-15 00:19:07 ----A---- C:\Windows\system32\licmgr10.dll
2010-04-15 00:19:07 ----A---- C:\Windows\system32\inseng.dll
2010-04-15 00:19:07 ----A---- C:\Windows\system32\ieaksie.dll
2010-04-15 00:19:06 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-04-15 00:19:06 ----A---- C:\Windows\system32\wextract.exe
2010-04-15 00:19:06 ----A---- C:\Windows\system32\pngfilt.dll
2010-04-15 00:19:06 ----A---- C:\Windows\system32\ieakui.dll
2010-04-15 00:19:06 ----A---- C:\Windows\system32\advpack.dll
2010-04-15 00:19:05 ----A---- C:\Windows\system32\url.dll
2010-04-15 00:19:05 ----A---- C:\Windows\system32\ieapfltr.dll
2010-04-15 00:19:04 ----A---- C:\Windows\system32\mshta.exe
2010-04-15 00:19:04 ----A---- C:\Windows\system32\iexpress.exe
2010-04-15 00:19:03 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-04-15 00:19:03 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-04-15 00:19:03 ----A---- C:\Windows\system32\PDMSetup.exe
2010-04-14 12:29:26 ----D---- C:\Users\Ivana\AppData\Roaming\GRETECH
2010-04-14 12:25:49 ----D---- C:\Program Files\GRETECH
2010-04-14 08:34:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 08:34:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 08:33:46 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-04-14 08:33:46 ----A---- C:\Windows\system32\netiougc.exe
2010-04-14 08:33:46 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 08:31:10 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 08:30:52 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 23:15:13 ----D---- C:\ProgramData\ICQ
2010-04-13 23:15:13 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-13 23:15:01 ----D---- C:\Users\Ivana\AppData\Roaming\ICQ
2010-04-13 23:14:56 ----D---- C:\Program Files\ICQ7.1
2010-04-13 03:03:43 ----A---- C:\Windows\system32\winhttp.dll
2010-04-13 03:03:14 ----A---- C:\Windows\system32\es.dll
2010-04-11 15:14:23 ----A---- C:\Windows\system32\msshsq.dll
2010-04-11 15:14:01 ----A---- C:\Windows\system32\kerberos.dll
2010-04-11 15:14:00 ----A---- C:\Windows\system32\schannel.dll
2010-04-11 15:13:15 ----A---- C:\Windows\system32\browserchoice.exe
2010-04-11 15:12:31 ----A---- C:\Windows\system32\wshrm.dll
2010-04-11 15:11:43 ----A---- C:\Windows\system32\wmpdxm.dll
2010-04-11 15:10:50 ----A---- C:\Windows\system32\msdrm.dll
2010-04-11 15:10:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-04-11 15:10:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-04-11 15:10:49 ----A---- C:\Windows\system32\secproc.dll
2010-04-11 15:10:49 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-04-11 15:10:49 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-04-11 15:10:49 ----A---- C:\Windows\system32\RMActivate.exe
2010-04-11 15:10:48 ----A---- C:\Windows\system32\secproc_isv.dll
2010-04-11 15:10:48 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-04-11 15:10:22 ----A---- C:\Windows\system32\sbunattend.exe
2010-04-11 15:09:35 ----A---- C:\Windows\system32\dnsrslvr.dll
2010-04-11 15:09:35 ----A---- C:\Windows\system32\dnscacheugc.exe
2010-04-11 15:09:35 ----A---- C:\Windows\system32\dnsapi.dll
2010-04-11 15:04:04 ----A---- C:\Windows\system32\infocardapi.dll
2010-04-11 15:04:04 ----A---- C:\Windows\system32\icardres.dll
2010-04-11 15:04:04 ----A---- C:\Windows\system32\icardagt.exe
2010-04-11 15:04:02 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-04-11 15:04:01 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-04-11 15:04:01 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-04-11 15:04:01 ----A---- C:\Windows\system32\PresentationHost.exe
2010-04-11 13:52:13 ----A---- C:\Windows\system32\t2embed.dll
2010-04-11 13:52:12 ----A---- C:\Windows\system32\lpk.dll
2010-04-11 13:52:12 ----A---- C:\Windows\system32\fontsub.dll
2010-04-11 13:52:12 ----A---- C:\Windows\system32\dciman32.dll
2010-04-11 13:52:12 ----A---- C:\Windows\system32\atmlib.dll
2010-04-11 13:52:12 ----A---- C:\Windows\system32\atmfd.dll
2010-04-11 13:50:52 ----A---- C:\Windows\system32\winipsec.dll
2010-04-11 13:50:52 ----A---- C:\Windows\system32\polstore.dll
2010-04-11 13:50:52 ----A---- C:\Windows\system32\IPSECSVC.DLL
2010-04-11 13:50:52 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2010-04-11 13:49:35 ----A---- C:\Windows\system32\riched32.dll
2010-04-11 13:49:35 ----A---- C:\Windows\system32\riched20.dll
2010-04-11 13:49:32 ----A---- C:\Windows\system32\rasser.dll
2010-04-11 13:49:32 ----A---- C:\Windows\system32\rasmxs.dll
2010-04-11 13:49:32 ----A---- C:\Windows\system32\rasdiag.dll
2010-04-11 13:49:32 ----A---- C:\Windows\system32\rascfg.dll
2010-04-11 13:49:32 ----A---- C:\Windows\system32\netcfgx.dll
2010-04-11 13:49:31 ----A---- C:\Windows\system32\msftedit.dll
2010-04-11 13:49:31 ----A---- C:\Windows\system32\ipnathlp.dll
2010-04-11 13:49:31 ----A---- C:\Windows\system32\icsunattend.exe
2010-04-11 13:49:30 ----A---- C:\Windows\system32\wshqos.dll
2010-04-11 13:49:30 ----A---- C:\Windows\system32\traffic.dll
2010-04-11 13:49:30 ----A---- C:\Windows\system32\pacerprf.dll
2010-04-11 13:49:29 ----A---- C:\Windows\system32\dps.dll
2010-04-11 13:49:29 ----A---- C:\Windows\system32\cdd.dll
2010-04-11 13:46:53 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-04-11 13:46:53 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-04-11 13:46:52 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-04-11 13:44:43 ----A---- C:\Windows\system32\msoert2.dll
2010-04-11 13:44:43 ----A---- C:\Windows\system32\msoeacct.dll
2010-04-11 13:44:43 ----A---- C:\Windows\system32\ACCTRES.dll
2010-04-11 13:43:03 ----A---- C:\Windows\system32\netevent.dll
2010-04-11 13:43:03 ----A---- C:\Windows\system32\MRINFO.EXE
2010-04-11 13:43:02 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-04-11 13:43:02 ----A---- C:\Windows\system32\ROUTE.EXE
2010-04-11 13:43:02 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-04-11 13:43:02 ----A---- C:\Windows\system32\netiohlp.dll
2010-04-11 13:43:02 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-04-11 13:43:02 ----A---- C:\Windows\system32\finger.exe
2010-04-11 13:43:02 ----A---- C:\Windows\system32\ARP.EXE
2010-04-11 13:41:15 ----A---- C:\Windows\system32\wtsapi32.dll
2010-04-11 13:41:12 ----A---- C:\Windows\system32\sysmain.dll
2010-04-11 13:40:00 ----A---- C:\Windows\system32\WebClnt.dll
2010-04-11 13:38:46 ----A---- C:\Windows\system32\L2SecHC.dll
2010-04-11 13:38:45 ----A---- C:\Windows\system32\wlansvc.dll
2010-04-11 13:38:45 ----A---- C:\Windows\system32\wlansec.dll
2010-04-11 13:38:45 ----A---- C:\Windows\system32\wlanmsm.dll
2010-04-11 13:38:45 ----A---- C:\Windows\system32\wlanhlp.dll
2010-04-11 13:38:45 ----A---- C:\Windows\system32\wlanapi.dll
2010-04-11 13:37:19 ----A---- C:\Windows\system32\msxml3r.dll
2010-04-11 13:37:19 ----A---- C:\Windows\system32\msxml3.dll
2010-04-11 13:37:18 ----A---- C:\Windows\system32\msxml6r.dll
2010-04-11 13:37:18 ----A---- C:\Windows\system32\msxml6.dll
2010-04-11 13:35:51 ----A---- C:\Windows\system32\wdigest.dll
2010-04-11 13:35:51 ----A---- C:\Windows\system32\secur32.dll
2010-04-11 13:35:51 ----A---- C:\Windows\system32\msv1_0.dll
2010-04-11 13:35:51 ----A---- C:\Windows\system32\lsass.exe
2010-04-11 13:35:51 ----A---- C:\Windows\system32\lsasrv.dll
2010-04-11 13:34:20 ----A---- C:\Windows\system32\winsrv.dll
2010-04-11 13:34:20 ----A---- C:\Windows\system32\csrsrv.dll
2010-04-11 13:33:01 ----A---- C:\Windows\system32\rrinstaller.exe
2010-04-11 13:33:01 ----A---- C:\Windows\system32\mfps.dll
2010-04-11 13:33:01 ----A---- C:\Windows\system32\mfpmp.exe
2010-04-11 13:33:01 ----A---- C:\Windows\system32\mferror.dll
2010-04-11 13:33:01 ----A---- C:\Windows\system32\mf.dll
2010-04-11 13:32:59 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-04-11 13:27:51 ----A---- C:\Windows\system32\atl.dll
2010-04-11 13:25:35 ----A---- C:\Windows\system32\gdi32.dll
2010-04-11 13:21:51 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2010-04-11 13:20:47 ----A---- C:\Windows\system32\xolehlp.dll
2010-04-11 13:20:47 ----A---- C:\Windows\system32\msdtcprx.dll
2010-04-11 13:19:36 ----A---- C:\Windows\system32\wkssvc.dll
2010-04-11 13:18:21 ----A---- C:\Windows\system32\tsgqec.dll
2010-04-11 13:18:21 ----A---- C:\Windows\system32\mstscax.dll
2010-04-11 13:18:21 ----A---- C:\Windows\system32\aaclient.dll
2010-04-11 13:17:02 ----A---- C:\Windows\system32\wmpeffects.dll
2010-04-11 13:14:44 ----A---- C:\Windows\system32\msscp.dll
2010-04-11 13:12:20 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2010-04-11 13:11:12 ----A---- C:\Windows\system32\MPSSVC.dll
2010-04-11 13:11:12 ----A---- C:\Windows\system32\FirewallAPI.dll
2010-04-11 13:11:11 ----A---- C:\Windows\system32\wfapigp.dll
2010-04-11 13:11:11 ----A---- C:\Windows\system32\icfupgd.dll
2010-04-11 13:11:11 ----A---- C:\Windows\system32\cmifw.dll
2010-04-11 13:10:05 ----A---- C:\Windows\system32\netapi32.dll
2010-04-11 13:05:52 ----A---- C:\Windows\system32\mcmde.dll
2010-04-11 13:05:52 ----A---- C:\Windows\system32\EncDec.dll
2010-04-11 13:05:51 ----A---- C:\Windows\system32\psisdecd.dll
2010-04-11 13:03:47 ----A---- C:\Windows\system32\shell32.dll
2010-04-11 13:02:57 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-04-11 13:02:02 ----A---- C:\Windows\system32\tzres.dll
2010-04-11 13:00:40 ----A---- C:\Windows\system32\localspl.dll
2010-04-11 12:55:17 ----A---- C:\Windows\system32\DWWIN.EXE
2010-04-11 12:51:42 ----A---- C:\Windows\explorer.exe
2010-04-11 12:50:51 ----A---- C:\Windows\system32\hcrstco.dll
2010-04-11 12:50:51 ----A---- C:\Windows\system32\hccoin.dll
2010-04-11 12:49:15 ----A---- C:\Windows\system32\netcfg.exe
2010-04-11 12:48:20 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2010-04-11 12:48:20 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2010-04-11 12:48:19 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2010-04-11 12:48:19 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2010-04-11 12:48:19 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2010-04-11 12:48:19 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2010-04-11 12:48:18 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2010-04-11 12:48:18 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2010-04-11 12:48:17 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2010-04-11 12:48:16 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2010-04-11 12:48:15 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2010-04-11 12:48:15 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2010-04-11 12:48:15 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2010-04-11 12:48:14 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2010-04-11 12:48:14 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2010-04-11 12:48:13 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2010-04-11 12:48:12 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2010-04-11 12:48:12 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2010-04-11 12:48:12 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2010-04-11 12:48:11 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2010-04-11 12:48:10 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2010-04-11 12:48:10 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2010-04-11 12:48:09 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2010-04-11 12:48:09 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2010-04-11 12:48:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2010-04-11 12:48:08 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2010-04-11 12:48:08 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2010-04-11 12:48:08 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2010-04-11 12:48:07 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2010-04-11 12:48:06 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2010-04-11 12:48:06 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2010-04-11 12:48:05 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2010-04-11 12:48:05 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2010-04-11 12:48:04 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2010-04-11 12:48:03 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2010-04-11 12:48:03 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2010-04-11 12:48:02 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2010-04-11 12:48:02 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2010-04-11 12:48:01 ----A---- C:\Windows\system32\NlsModels0011.dll
2010-04-11 12:48:01 ----A---- C:\Windows\system32\NlsData0046.dll
2010-04-11 12:48:01 ----A---- C:\Windows\system32\NlsData0045.dll
2010-04-11 12:48:00 ----A---- C:\Windows\system32\NlsData0049.dll
2010-04-11 12:48:00 ----A---- C:\Windows\system32\NlsData0047.dll
2010-04-11 12:47:59 ----A---- C:\Windows\system32\NlsData0039.dll
2010-04-11 12:47:59 ----A---- C:\Windows\system32\NlsData0020.dll
2010-04-11 12:47:58 ----A---- C:\Windows\system32\NlsData0026.dll
2010-04-11 12:47:58 ----A---- C:\Windows\system32\NlsData0024.dll
2010-04-11 12:47:58 ----A---- C:\Windows\system32\NlsData0022.dll
2010-04-11 12:47:58 ----A---- C:\Windows\system32\NlsData0021.dll
2010-04-11 12:47:57 ----A---- C:\Windows\system32\NlsData0027.dll
2010-04-11 12:47:57 ----A---- C:\Windows\system32\NlsData0011.dll
2010-04-11 12:47:57 ----A---- C:\Windows\system32\NlsData0010.dll
2010-04-11 12:47:56 ----A---- C:\Windows\system32\NlsData0019.dll
2010-04-11 12:47:56 ----A---- C:\Windows\system32\NlsData0018.dll
2010-04-11 12:47:56 ----A---- C:\Windows\system32\NlsData0013.dll
2010-04-11 12:47:56 ----A---- C:\Windows\system32\NlsData0000.dll
2010-04-11 12:47:55 ----A---- C:\Windows\system32\NlsData0003.dll
2010-04-11 12:47:55 ----A---- C:\Windows\system32\NlsData0002.dll
2010-04-11 12:47:55 ----A---- C:\Windows\system32\NlsData0001.dll
2010-04-11 12:47:54 ----A---- C:\Windows\system32\NlsData0007.dll
2010-04-11 12:47:52 ----A---- C:\Windows\system32\NlsData004a.dll
2010-04-11 12:47:52 ----A---- C:\Windows\system32\NlsData0009.dll
2010-04-11 12:47:51 ----A---- C:\Windows\system32\NlsData004e.dll
2010-04-11 12:47:51 ----A---- C:\Windows\system32\NlsData004c.dll
2010-04-11 12:47:51 ----A---- C:\Windows\system32\NlsData004b.dll
2010-04-11 12:47:50 ----A---- C:\Windows\system32\NlsData003e.dll
2010-04-11 12:47:50 ----A---- C:\Windows\system32\NlsData002a.dll
2010-04-11 12:47:50 ----A---- C:\Windows\system32\NlsData001b.dll
2010-04-11 12:47:50 ----A---- C:\Windows\system32\NlsData001a.dll
2010-04-11 12:47:49 ----A---- C:\Windows\system32\NlsData001d.dll
2010-04-11 12:47:49 ----A---- C:\Windows\system32\NlsData000a.dll
2010-04-11 12:47:48 ----A---- C:\Windows\system32\NlsData000f.dll
2010-04-11 12:47:48 ----A---- C:\Windows\system32\NlsData000d.dll
2010-04-11 12:47:48 ----A---- C:\Windows\system32\NlsData000c.dll
2010-04-11 12:47:47 ----A---- C:\Windows\system32\NlsData0414.dll
2010-04-11 12:47:46 ----A---- C:\Windows\system32\NlsData0816.dll
2010-04-11 12:47:46 ----A---- C:\Windows\system32\NlsData0416.dll
2010-04-11 12:47:46 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-04-11 12:47:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2010-04-11 12:47:45 ----A---- C:\Windows\system32\NlsData0c1a.dll
2010-04-11 12:47:45 ----A---- C:\Windows\system32\NlsData081a.dll
2010-04-11 12:43:24 ----A---- C:\Windows\system32\setupapi.dll
2010-04-11 12:42:58 ----A---- C:\Windows\system32\srdelayed.exe
2010-04-11 12:42:58 ----A---- C:\Windows\system32\srcore.dll
2010-04-11 12:42:58 ----A---- C:\Windows\system32\srclient.dll
2010-04-11 12:42:58 ----A---- C:\Windows\system32\rstrui.exe
2010-04-11 12:42:57 ----A---- C:\Windows\system32\wpd_ci.dll
2010-04-11 12:42:57 ----A---- C:\Windows\system32\winresume.exe
2010-04-11 12:42:57 ----A---- C:\Windows\system32\winload.exe
2010-04-11 12:42:57 ----A---- C:\Windows\system32\kd1394.dll
2010-04-11 12:42:56 ----A---- C:\Windows\system32\umpnpmgr.dll
2010-04-11 12:42:56 ----A---- C:\Windows\system32\drvinst.exe
2010-04-11 12:42:56 ----A---- C:\Windows\system32\ci.dll
2010-04-11 12:42:56 ----A---- C:\Windows\system32\cfgmgr32.dll
2010-04-11 12:42:55 ----A---- C:\Windows\system32\kbd106n.dll
2010-04-11 12:42:55 ----A---- C:\Windows\system32\dpx.dll
2010-04-11 12:42:54 ----A---- C:\Windows\system32\unlodctr.exe
2010-04-11 12:42:54 ----A---- C:\Windows\system32\prflbmsg.dll
2010-04-11 12:42:54 ----A---- C:\Windows\system32\oleaut32.dll
2010-04-11 12:42:54 ----A---- C:\Windows\system32\lodctr.exe
2010-04-11 12:42:54 ----A---- C:\Windows\system32\loadperf.dll
2010-04-11 12:42:53 ----A---- C:\Windows\system32\schedsvc.dll
2010-04-11 12:42:52 ----A---- C:\Windows\system32\f3ahvoas.dll
2010-04-11 12:42:52 ----A---- C:\Windows\system32\dispci.dll
2010-04-11 12:42:52 ----A---- C:\Windows\system32\batt.dll
2010-04-11 12:41:16 ----A---- C:\Windows\system32\rpcss.dll
2010-04-11 12:41:15 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-04-11 12:41:15 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-04-11 12:41:13 ----A---- C:\Windows\system32\iasdatastore.dll
2010-04-11 12:41:13 ----A---- C:\Windows\system32\iasads.dll
2010-04-11 12:41:12 ----A---- C:\Windows\system32\sdohlp.dll
2010-04-11 12:41:12 ----A---- C:\Windows\system32\iasrecst.dll
2010-04-11 12:36:53 ----A---- C:\Windows\system32\WMASF.DLL
2010-04-11 12:36:53 ----A---- C:\Windows\system32\LAPRXY.DLL
2010-04-11 12:36:53 ----A---- C:\Windows\system32\asferror.dll
2010-04-11 12:36:04 ----A---- C:\Windows\system32\kernel32.dll
2010-04-11 12:36:03 ----A---- C:\Windows\system32\apilogen.dll
2010-04-11 12:36:03 ----A---- C:\Windows\system32\amxread.dll
2010-04-11 12:34:58 ----A---- C:\Windows\system32\slwmi.dll
2010-04-11 12:34:58 ----A---- C:\Windows\system32\SLC.dll
2010-04-11 12:34:58 ----A---- C:\Windows\system32\mcbuilder.exe
2010-04-11 12:34:57 ----A---- C:\Windows\system32\SLCommDlg.dll
2010-04-11 12:34:56 ----A---- C:\Windows\system32\SLUINotify.dll
2010-04-11 12:34:56 ----A---- C:\Windows\system32\SLUI.exe
2010-04-11 12:34:56 ----A---- C:\Windows\system32\SLsvc.exe
2010-04-11 12:34:56 ----A---- C:\Windows\system32\SLLUA.exe
2010-04-11 12:34:56 ----A---- C:\Windows\system32\slcinst.dll
2010-04-11 12:33:47 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-04-11 12:33:47 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-04-11 12:33:46 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-04-11 12:32:02 ----A---- C:\Windows\system32\ntprint.exe
2010-04-11 12:32:01 ----A---- C:\Windows\system32\ntprint.dll
2010-04-11 12:32:00 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2010-04-11 12:32:00 ----A---- C:\Windows\system32\dhcpcsvc.dll
2010-04-11 12:32:00 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2010-04-11 12:31:59 ----A---- C:\Windows\system32\authui.dll
2010-04-11 12:31:57 ----A---- C:\Windows\system32\sendmail.dll
2010-04-11 12:31:03 ----A---- C:\Windows\system32\win32spl.dll
2010-04-11 12:31:03 ----A---- C:\Windows\system32\printcom.dll
2010-04-11 12:05:37 ----A---- C:\Windows\system32\netfxperf.dll
2010-04-11 12:05:37 ----A---- C:\Windows\system32\dfshim.dll
2010-04-11 12:05:35 ----A---- C:\Windows\system32\mscoree.dll
2010-04-11 12:05:34 ----A---- C:\Windows\system32\mscories.dll
2010-04-11 12:05:34 ----A---- C:\Windows\system32\mscorier.dll
2010-04-11 11:50:51 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-04-11 11:50:49 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-04-11 11:50:49 ----A---- C:\Windows\system32\gameux.dll
2010-04-11 11:50:13 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-04-11 11:50:13 ----A---- C:\Windows\system32\logagent.exe
2010-04-11 11:49:14 ----A---- C:\Windows\system32\INETRES.dll
2010-04-11 11:49:14 ----A---- C:\Windows\system32\inetcomm.dll
2010-04-11 11:48:53 ----A---- C:\Windows\system32\msasn1.dll
2010-04-11 11:48:29 ----A---- C:\Windows\system32\connect.dll
2010-04-11 11:48:10 ----A---- C:\Windows\system32\wmi.dll
2010-04-11 11:48:10 ----A---- C:\Windows\system32\imagehlp.dll
2010-04-11 11:47:54 ----A---- C:\Windows\system32\rpcrt4.dll
2010-04-11 11:47:16 ----A---- C:\Windows\system32\httpapi.dll
2010-04-11 11:47:15 ----A---- C:\Windows\system32\nshhttp.dll
2010-04-11 11:45:29 ----A---- C:\Windows\system32\crypt32.dll
2010-04-11 11:44:54 ----A---- C:\Windows\system32\rastls.dll
2010-04-11 11:44:54 ----A---- C:\Windows\system32\raschap.dll
2010-04-11 11:44:31 ----A---- C:\Windows\system32\WSDApi.dll
2010-04-11 11:43:55 ----D---- C:\Program Files\MSXML 4.0
2010-04-11 11:43:44 ----A---- C:\Windows\system32\user32.dll
2010-04-11 11:42:16 ----A---- C:\Windows\system32\tsbyuv.dll
2010-04-11 11:42:16 ----A---- C:\Windows\system32\msyuv.dll
2010-04-11 11:42:16 ----A---- C:\Windows\system32\iyuv_32.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\quartz.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\msvidc32.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\msvfw32.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\msrle32.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\mciavi32.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\avifil32.dll
2010-04-11 11:42:15 ----A---- C:\Windows\system32\avicap32.dll
2010-04-11 11:41:15 ----A---- C:\Windows\system32\qmgr.dll
2010-04-11 11:40:57 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-04-11 11:40:13 ----A---- C:\Windows\system32\wmploc.DLL
2010-04-11 11:40:13 ----A---- C:\Windows\system32\wmp.dll
2010-04-11 11:40:12 ----A---- C:\Windows\system32\spwmp.dll
2010-04-11 11:40:11 ----A---- C:\Windows\system32\dxmasf.dll
2010-04-11 11:40:07 ----A---- C:\Windows\system32\unregmp2.exe
2010-04-11 11:23:39 ----D---- C:\Temp
2010-04-11 11:00:05 ----HD---- C:\Program Files\Temp
2010-04-11 10:59:11 ----A---- C:\Windows\ODBC.INI
2010-04-11 10:59:03 ----A---- C:\Windows\system32\mdimon.dll
2010-04-11 10:57:26 ----D---- C:\Program Files\Common Files\DESIGNER
2010-04-11 10:56:53 ----D---- C:\Windows\PCHEALTH
2010-04-11 10:56:53 ----D---- C:\Program Files\Microsoft.NET
2010-04-11 10:56:53 ----D---- C:\Program Files\Microsoft Office
2010-04-11 10:53:36 ----RHD---- C:\MSOCache
2010-04-11 10:15:01 ----N---- C:\Windows\system32\MpSigStub.exe
2010-04-10 22:10:01 ----D---- C:\Users\Ivana\AppData\Roaming\Macromedia
2010-04-10 19:58:41 ----D---- C:\ProgramData\McAfee
2010-04-10 19:56:25 ----D---- C:\Users\Ivana\AppData\Roaming\Google
2010-04-10 19:53:20 ----D---- C:\ProgramData\Google
2010-04-10 19:53:20 ----D---- C:\Program Files\Google
2010-04-10 15:30:41 ----A---- C:\Windows\system32\wups2.dll
2010-04-10 15:30:41 ----A---- C:\Windows\system32\wucltux.dll
2010-04-10 15:30:41 ----A---- C:\Windows\system32\wuaueng.dll
2010-04-10 15:30:41 ----A---- C:\Windows\system32\wuauclt.exe
2010-04-10 15:30:11 ----A---- C:\Windows\system32\wups.dll
2010-04-10 15:30:11 ----A---- C:\Windows\system32\wudriver.dll
2010-04-10 15:30:10 ----A---- C:\Windows\system32\wuapi.dll
2010-04-10 15:29:49 ----A---- C:\Windows\system32\wuwebv.dll
2010-04-10 15:29:49 ----A---- C:\Windows\system32\wuapp.exe
2010-04-10 13:18:01 ----D---- C:\Users\Ivana\AppData\Roaming\skypePM
2010-04-10 13:17:32 ----D---- C:\Users\Ivana\AppData\Roaming\Skype
2010-04-10 13:17:19 ----D---- C:\Program Files\Common Files\Skype
2010-04-10 13:17:18 ----RD---- C:\Program Files\Skype
2010-04-10 13:17:12 ----D---- C:\ProgramData\Skype
2010-04-10 13:10:33 ----D---- C:\Users\Ivana\AppData\Roaming\AdobeUM
2010-04-10 11:27:38 ----D---- C:\Users\Ivana\AppData\Roaming\Adobe
2010-04-10 10:34:17 ----D---- C:\ProgramData\ESET
2010-04-10 10:34:17 ----D---- C:\Program Files\ESET
2010-04-10 10:32:34 ----D---- C:\Users\Ivana\AppData\Roaming\Toshiba
2010-04-10 10:15:59 ----D---- C:\Program Files\Camera Assistant Software for Toshiba
2010-04-10 10:15:38 ----D---- C:\Users\Ivana\AppData\Roaming\InstallShield
2010-04-10 10:13:07 ----D---- C:\Users\Ivana\AppData\Roaming\Identities
2010-04-10 10:10:24 ----D---- C:\ProgramData\ToshibaEurope
2010-04-10 10:10:13 ----SD---- C:\Users\Ivana\AppData\Roaming\Microsoft
2010-04-10 10:10:13 ----D---- C:\Users\Ivana\AppData\Roaming\Media Center Programs
2010-04-10 10:06:53 ----SHD---- C:\ProgramData\Šablony
2010-04-10 10:06:53 ----SHD---- C:\ProgramData\Plocha
2010-04-10 10:06:53 ----SHD---- C:\ProgramData\Oblíbené položky
2010-04-10 10:06:53 ----SHD---- C:\ProgramData\Nabídka Start
2010-04-10 10:06:53 ----SHD---- C:\ProgramData\Dokumenty
2010-04-10 10:06:53 ----SHD---- C:\ProgramData\Data aplikací
2010-04-10 10:06:36 ----D---- C:\Windows\SoftwareDistribution
2010-04-10 10:03:02 ----D---- C:\Program Files\Synaptics
2010-04-10 09:59:55 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-04-10 09:59:55 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-04-10 09:59:49 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-04-10 09:59:49 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-04-10 09:59:48 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-04-10 09:59:48 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-04-10 09:59:47 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-04-10 09:59:46 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-04-10 09:54:10 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-04-17 01:14:50 ----D---- C:\Windows\Prefetch
2010-04-17 01:14:43 ----D---- C:\Windows\Temp
2010-04-17 01:14:40 ----RD---- C:\Program Files
2010-04-16 23:43:01 ----D---- C:\Windows\System32
2010-04-16 23:43:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-16 23:43:00 ----D---- C:\Windows\inf
2010-04-16 03:16:22 ----D---- C:\Windows\system32\drivers
2010-04-16 03:01:09 ----D---- C:\Windows\winsxs
2010-04-15 12:13:32 ----D---- C:\Windows\system32\catroot
2010-04-15 12:13:31 ----D---- C:\Windows\system32\catroot2
2010-04-15 12:13:24 ----HD---- C:\ProgramData
2010-04-15 12:11:33 ----D---- C:\Windows\system32\migration
2010-04-15 12:11:33 ----D---- C:\Program Files\Windows Mail
2010-04-15 11:52:57 ----SHD---- C:\Windows\Installer
2010-04-15 00:34:34 ----D---- C:\Windows\system32\cs-CZ
2010-04-15 00:34:34 ----D---- C:\Program Files\Internet Explorer
2010-04-15 00:34:32 ----D---- C:\Windows\system32\en-US
2010-04-15 00:34:32 ----D---- C:\Windows\PolicyDefinitions
2010-04-15 00:24:20 ----HD---- C:\Windows\msdownld.tmp
2010-04-15 00:21:41 ----D---- C:\Windows
2010-04-14 08:25:01 ----D---- C:\Windows\servicing
2010-04-13 23:15:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-13 03:05:15 ----D---- C:\Windows\Microsoft.NET
2010-04-13 03:02:33 ----D---- C:\Windows\rescache
2010-04-13 03:01:41 ----RSD---- C:\Windows\assembly
2010-04-12 11:58:00 ----A---- C:\Windows\win.ini
2010-04-11 23:54:38 ----D---- C:\Program Files\Common Files\microsoft shared
2010-04-11 15:28:36 ----D---- C:\Windows\system32\WDI
2010-04-11 15:23:57 ----HD---- C:\Windows\system32\GroupPolicy
2010-04-11 15:21:33 ----D---- C:\Windows\system32\Tasks
2010-04-11 15:16:37 ----D---- C:\Program Files\Windows Sidebar
2010-04-11 15:16:34 ----D---- C:\Windows\system32\XPSViewer
2010-04-11 15:16:34 ----D---- C:\Windows\system32\wbem
2010-04-11 14:04:31 ----ASH---- C:\Program Files\desktop.ini
2010-04-11 13:57:43 ----D---- C:\Windows\system32\ras
2010-04-11 13:57:43 ----D---- C:\Windows\system32\icsxml
2010-04-11 13:57:43 ----D---- C:\Program Files\Windows Calendar
2010-04-11 13:57:41 ----D---- C:\Program Files\Common Files\System
2010-04-11 13:57:38 ----D---- C:\Program Files\Windows Defender
2010-04-11 13:57:34 ----D---- C:\Windows\ehome
2010-04-11 13:57:34 ----D---- C:\Program Files\Movie Maker
2010-04-11 13:57:28 ----D---- C:\Windows\AppPatch
2010-04-11 13:57:24 ----D---- C:\Windows\system32\manifeststore
2010-04-11 13:57:23 ----D---- C:\Windows\system32\SLUI
2010-04-11 13:57:14 ----RSD---- C:\Windows\Fonts
2010-04-11 13:57:14 ----D---- C:\Program Files\Windows Media Player
2010-04-11 12:27:25 ----D---- C:\Windows\Debug
2010-04-11 11:04:21 ----D---- C:\Windows\system32\LogFiles
2010-04-11 11:01:10 ----D---- C:\Program Files\Realtek
2010-04-11 10:57:41 ----D---- C:\Windows\ShellNew
2010-04-11 10:57:26 ----D---- C:\Program Files\Common Files
2010-04-11 10:56:53 ----SD---- C:\ProgramData\Microsoft
2010-04-11 10:53:40 ----D---- C:\Windows\system
2010-04-11 09:54:51 ----SD---- C:\Windows\Downloaded Program Files
2010-04-10 23:05:26 ----D---- C:\Windows\Tasks
2010-04-10 10:33:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-10 10:32:38 ----D---- C:\ProgramData\Symantec
2010-04-10 10:13:39 ----D---- C:\Toshiba
2010-04-10 10:13:22 ----SHD---- C:\$Recycle.Bin
2010-04-10 10:10:13 ----RD---- C:\Users
2010-04-10 10:06:53 ----D---- C:\Program Files\Windows NT
2010-04-10 10:00:47 ----D---- C:\Program Files\InterVideo
2010-04-10 09:59:29 ----D---- C:\Windows\system32\restore
2010-04-10 09:57:09 ----D---- C:\Windows\Panther
2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2010-04-11 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-13 4452288]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 59392]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-04-11 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2009-06-19 290816]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2006-12-09 2206720]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-19 428152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 33560]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-10 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Mebroot.

#3 Post by motji »

Good morning :)

Do you have one or two disks in the PC?

Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing the Ano (Yes) button

- Then follow the instructions; while ComboFix is running, do not click into the window that appears!

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#4 Post by Ivy »

Hello, and thank you right away for your willingness to help.

I now have only one disk in the PC, C. Before running ComboFix, should I also connect the external disk and the flash drives I use?
One more question: when I try to turn off the antivirus, it reports that the firewall could not be loaded correctly. I recently did a boot from CD, so I have almost nothing on the PC.

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#5 Post by Ivy »

So I also connected the external disk and 2x USB, and this is what came out:

ComboFix 10-04-15.05 - Ivana 17.04.2010 11:11:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2046.1143 [GMT 2:00]
Spuštěný z: c:\users\Ivana\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.2 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 09:15 . 2010-04-17 09:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-17 09:15 . 2010-04-17 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-16 23:14 . 2010-04-16 23:14 -------- d-----w- C:\rsit
2010-04-16 23:14 . 2010-04-16 23:14 -------- d-----w- c:\program files\trend micro
2010-04-15 15:17 . 2010-04-15 15:17 680 ----a-w- c:\users\Ivana\AppData\Local\d3d9caps.dat
2010-04-15 09:59 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 22:21 . 2010-04-14 22:21 -------- d-----w- c:\program files\Seznam.cz
2010-04-14 10:29 . 2010-04-14 10:29 -------- d-----w- c:\users\Ivana\AppData\Roaming\GRETECH
2010-04-14 10:25 . 2010-04-14 10:25 -------- d-----w- c:\program files\GRETECH
2010-04-14 06:34 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:34 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:34 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:34 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:34 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:33 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-14 06:33 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 06:33 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 06:33 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-14 06:33 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 06:33 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-14 06:31 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:30 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 21:15 . 2010-04-13 21:15 -------- d-----w- c:\programdata\ICQ
2010-04-13 21:15 . 2010-04-13 21:15 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-13 21:15 . 2010-04-17 08:52 -------- d-----w- c:\users\Ivana\AppData\Roaming\ICQ
2010-04-13 21:15 . 2010-04-13 21:15 -------- d-----w- c:\users\Ivana\AppData\Local\AOL
2010-04-13 21:14 . 2010-04-13 21:16 -------- d-----w- c:\program files\ICQ7.1
2010-04-13 01:03 . 2010-04-13 01:03 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-13 01:03 . 2010-04-13 01:03 268800 ----a-w- c:\windows\system32\es.dll
2010-04-11 13:21 . 2010-04-11 13:21 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-04-11 13:21 . 2010-04-11 13:21 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-04-11 13:14 . 2010-04-11 13:14 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-04-11 13:14 . 2010-04-11 13:14 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-04-11 13:14 . 2010-04-11 13:14 272384 ----a-w- c:\windows\system32\schannel.dll
2010-04-11 13:13 . 2010-04-11 13:13 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-11 13:12 . 2010-04-11 13:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-04-11 13:12 . 2010-04-11 13:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-04-11 13:11 . 2010-04-11 13:11 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-11 13:10 . 2010-04-11 13:10 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-04-11 13:10 . 2010-04-11 13:10 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-11 13:10 . 2010-04-11 13:10 472576 ----a-w- c:\windows\system32\secproc.dll
2010-04-11 13:10 . 2010-04-11 13:10 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-11 13:10 . 2010-04-11 13:10 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-11 13:10 . 2010-04-11 13:10 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-11 13:10 . 2010-04-11 13:10 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-11 13:10 . 2010-04-11 13:10 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-11 13:10 . 2010-04-11 13:10 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-11 13:10 . 2010-04-11 13:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-04-11 13:09 . 2010-04-11 13:09 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-04-11 13:09 . 2010-04-11 13:09 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-04-11 13:09 . 2010-04-11 13:09 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-04-11 13:04 . 2010-04-11 13:04 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-04-11 13:04 . 2010-04-11 13:04 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-04-11 13:04 . 2010-04-11 13:04 11264 ----a-w- c:\windows\system32\icardres.dll
2010-04-11 13:04 . 2010-04-11 13:04 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-04-11 13:04 . 2010-04-11 13:04 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-04-11 13:04 . 2010-04-11 13:04 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-04-11 13:04 . 2010-04-11 13:04 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-04-11 12:35 . 2010-04-11 12:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-11 11:52 . 2010-04-11 11:52 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-11 11:52 . 2010-04-11 11:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-11 11:52 . 2010-04-11 11:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-04-11 11:52 . 2010-04-11 11:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-04-11 11:52 . 2010-04-11 11:52 24064 ----a-w- c:\windows\system32\lpk.dll
2010-04-11 11:52 . 2010-04-11 11:52 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-11 11:50 . 2010-04-11 11:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-04-11 11:50 . 2010-04-11 11:50 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-04-11 11:50 . 2010-04-11 11:50 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-04-11 11:50 . 2010-04-11 11:50 272896 ----a-w- c:\windows\system32\polstore.dll
2010-04-11 11:48 . 2010-04-11 11:48 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-11 11:48 . 2010-04-11 11:48 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-11 11:46 . 2010-04-11 11:46 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-04-11 11:46 . 2010-04-11 11:46 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-04-11 11:46 . 2010-04-11 11:46 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-04-11 11:44 . 2010-04-11 11:44 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-04-11 11:44 . 2010-04-11 11:44 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-04-11 11:44 . 2010-04-11 11:44 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-04-11 11:43 . 2010-04-11 11:43 15360 ----a-w- c:\windows\system32\netevent.dll
2010-04-11 11:43 . 2010-04-11 11:43 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-11 11:43 . 2010-04-11 11:43 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-11 11:43 . 2010-04-11 11:43 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-11 11:43 . 2010-04-11 11:43 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-11 11:43 . 2010-04-11 11:43 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-11 11:43 . 2010-04-11 11:43 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-11 11:43 . 2010-04-11 11:43 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-11 11:43 . 2010-04-11 11:43 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-11 11:43 . 2010-04-11 11:43 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2010-04-11 11:41 . 2010-04-11 11:41 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-04-11 11:41 . 2010-04-11 11:41 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-04-11 11:41 . 2010-04-11 11:41 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-04-11 11:41 . 2010-04-11 11:41 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2010-04-11 11:41 . 2010-04-11 11:41 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-04-11 11:41 . 2010-04-11 11:41 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-04-11 11:41 . 2010-04-11 11:41 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-04-11 11:41 . 2010-04-11 11:41 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-04-11 11:40 . 2010-04-11 11:40 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-04-11 11:40 . 2010-04-11 11:40 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-04-11 11:38 . 2010-04-11 11:38 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-11 11:38 . 2010-04-11 11:38 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-11 11:38 . 2010-04-11 11:38 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-11 11:38 . 2010-04-11 11:38 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-11 11:38 . 2010-04-11 11:38 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-04-11 11:38 . 2010-04-11 11:38 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-11 11:37 . 2010-04-11 11:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-04-11 11:37 . 2010-04-11 11:37 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-04-11 11:37 . 2010-04-11 11:37 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-04-11 11:37 . 2010-04-11 11:37 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-04-11 11:35 . 2010-04-11 11:35 7680 ----a-w- c:\windows\system32\lsass.exe
2010-04-11 11:35 . 2010-04-11 11:35 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-11 11:35 . 2010-04-11 11:35 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-11 11:35 . 2010-04-11 11:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-11 11:35 . 2010-04-11 11:35 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-11 11:35 . 2010-04-11 11:35 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-11 11:34 . 2010-04-11 11:34 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-04-11 11:34 . 2010-04-11 11:34 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-04-11 11:33 . 2010-04-11 11:33 98816 ----a-w- c:\windows\system32\mfps.dll
2010-04-11 11:33 . 2010-04-11 11:33 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-04-11 11:33 . 2010-04-11 11:33 2855424 ----a-w- c:\windows\system32\mf.dll
2010-04-11 11:33 . 2010-04-11 11:33 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-04-11 11:33 . 2010-04-11 11:33 2048 ----a-w- c:\windows\system32\mferror.dll
2010-04-11 11:27 . 2010-04-11 11:27 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-11 11:25 . 2010-04-11 11:25 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-04-11 11:24 . 2010-04-11 11:24 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-04-11 11:24 . 2010-04-11 11:24 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-04-11 11:21 . 2010-04-11 11:21 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 09:13 . 2007-01-08 21:09 81404 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 09:13 . 2007-01-08 21:09 473598 ----a-w- c:\windows\system32\perfh005.dat
2010-04-16 23:53 . 2010-04-10 09:27 13025 ----a-w- c:\users\Ivana\AppData\Roaming\nvModes.dat
2010-04-15 10:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-13 21:15 . 2007-03-29 06:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 22:10 . 2010-04-10 08:10 68088 ----a-w- c:\users\Ivana\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-11 13:22 . 2010-04-11 13:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-04-11 13:22 . 2010-04-11 13:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-11 13:21 . 2010-04-11 13:21 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2010-04-11 13:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-11 13:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-11 13:14 . 2010-04-11 13:14 272384 ----a-w- c:\windows\system32\schannel.dll
2010-04-11 11:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-11 11:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-11 10:53 . 2010-04-11 10:53 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-04-11 10:47 . 2010-04-11 10:47 1963520 ----a-w- c:\windows\system32\NlsData0026.dll
2010-04-11 10:42 . 2010-04-11 10:42 40960 ----a-w- c:\windows\system32\srclient.dll
2010-04-11 10:36 . 2010-04-11 10:36 40960 ----a-w- c:\windows\AppPatch\apihex86.dll
2010-04-11 09:50 . 2010-04-11 09:50 2560 ----a-w- c:\windows\AppPatch\AcRes.dll
2010-04-11 09:50 . 2010-04-11 09:50 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-11 09:50 . 2010-04-11 09:50 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-11 09:50 . 2010-04-11 09:50 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-11 09:50 . 2010-04-11 09:50 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-11 09:01 . 2007-03-29 06:29 -------- d-----w- c:\program files\Realtek
2010-04-10 08:33 . 2007-03-29 07:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-10 08:32 . 2007-03-29 07:17 -------- d-----w- c:\programdata\Symantec
2010-04-10 08:10 . 2010-04-10 08:10 -------- d-----w- c:\programdata\ToshibaEurope
2010-04-10 08:06 . 2010-04-10 08:06 -------- d-sh--we c:\programdata\Plocha
2010-04-10 08:06 . 2010-04-10 08:06 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-10 08:06 . 2010-04-10 08:06 -------- d-sh--we c:\programdata\Šablony
2010-04-10 08:06 . 2010-04-10 08:06 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-10 08:06 . 2010-04-10 08:06 -------- d-sh--we c:\programdata\Dokumenty
2010-04-10 08:06 . 2010-04-10 08:06 -------- d-sh--we c:\programdata\Data aplikací
2010-04-10 08:03 . 2010-04-10 08:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-04-10 08:00 . 2007-03-29 07:06 -------- d-----w- c:\program files\InterVideo
2010-04-10 07:59 . 2010-04-10 07:59 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite A200_05004-CZ_PSAECE-02C00.MRK
2010-02-23 06:39 . 2010-04-14 22:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-14 22:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-14 22:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-14 22:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-17_09.02.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-10 08:07 . 2010-04-17 09:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-10 08:07 . 2010-04-17 08:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-10 08:07 . 2010-04-17 08:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-10 08:07 . 2010-04-17 09:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-10 08:07 . 2010-04-17 08:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-10 08:07 . 2010-04-17 09:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-11 16:45 . 2010-04-16 01:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-11 16:45 . 2010-04-17 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-11 16:45 . 2010-04-17 08:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-11 16:45 . 2010-04-16 01:17 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-11 16:45 . 2010-04-17 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-11 16:45 . 2010-04-16 01:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:33 . 2010-04-16 21:43 610142 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-04-17 09:13 610142 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-16 21:43 103924 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-04-17 09:13 103924 c:\windows\System32\perfc009.dat
+ 2010-04-15 09:47 . 2010-04-17 09:05 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-04-15 09:47 . 2010-04-17 08:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-11 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-04-13 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-04-11 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-02-06 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-03-15 413696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.
Obsah adresáře 'Naplánované úlohy'

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 21:05]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 21:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: {C0EAD270-4E10-4AC1-8970-F943C56A4C8D} = 172.20.67.254,10.11.0.94
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 11:15
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4636)
c:\program files\IDM\Desktop SMS\oehook.dll
.
Celkový čas: 2010-04-17 11:17:33
ComboFix-quarantined-files.txt 2010-04-17 09:17
ComboFix2.txt 2010-04-17 09:04

Před spuštěním: Volných bajtů: 100 700 848 128
Po spuštění: Volných bajtů: 100 678 492 160

- - End Of File - - E27CD7D6B2174463BA6052231B2ABB96

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Mebroot.

#6 Post by motji »

Is it NOD that is reporting that Mebroot to you?

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop and run it
- a log named mbr.log will be created; paste it here
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#7 Post by Ivy »

Yep, NOD, but it only reports it occasionally... when I run a scan, everything is OK. And then sometimes it throws up the alert again.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Mebroot.

#8 Post by motji »

Please try running Mbr.exe in safe mode (press F8 repeatedly after restarting)

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- extract it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, which you then paste here

- Following the guide at the link, run a second scan and paste that log here as well.

:arrow: Also try running these two programs and report whether they found anything :)
http://www.eset.eu/download/emebremover
http://www.pctools.com/mebroot/download/

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#9 Post by Ivy »

So I'm doing that second Gmer scan now... but it's been running quite a long time... so I'll wait a bit longer... then I'll do the other two...

Can I do this whole procedure (combofix, MBR, gmer) for the second notebook too? Here it showed me the alert about 2 days ago...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Mebroot.

#10 Post by motji »

Start a second topic, title it "for Motji - notebook", and paste the logs from RSIT, Gmer and Mbr.exe there. It is also possible that this is some false alarm from NOD, but Mebroot steals passwords and data, so we cannot underestimate it. We'll see whether we find anything :)

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#11 Post by Ivy »

Gmer 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-17 13:22:11
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Ivana\AppData\Local\Temp\kwrorpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




Gmer 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-17 13:56:46
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Ivana\AppData\Local\Temp\kwrorpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Ivana\AppData\Local\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 98C219F6

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

---- EOF - GMER 1.0.15 ----


And I'm off to create the new topic.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Mebroot.

#12 Post by motji »

Still run Mbr.exe in safe mode, and those two programs. But so far I don't see an MBR rootkit anywhere :)
I won't be here until the evening; for your peace of mind, also run webcureit. If it finds nothing either, I'll send you to ESET support :) It has happened here a few times that ESET had false detections of the MBR rootkit.

:arrow: Download Dr.Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
- run a scan; let it cure or delete whatever it finds
- the scan can take several hours
- File/Save results: save it as a text file and copy it here

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#13 Post by Ivy »

So I tried those other two little programs too... or whatever they are... the first one reported that Mebroot is on the 2nd disk... I don't know exactly how it was worded... I closed it and I don't know whether it's saved anywhere?
And the second link... says it only works on Windows XP... I have Vista...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Mebroot.

#14 Post by motji »

On the second disk? Is your disk split into 2 parts?
Please run the program again and take a screenshot.

Ivy
Visitor
Posts: 23
Registered: 16 Apr 2010 22:44

Re: Mebroot.

#15 Post by Ivy »

So I tried it again and now it printed that there is no MBR in my system. So hopefully OK?

I don't have the disk split into 2 parts... only C.
Last edited by Ivy on 17 Apr 2010 16:44, edited 1 time in total.
