Zavirované PC, přeměrovávání na zavirované stránky.

Zpráva

ViroBijec · #1 Příspěvek od **ViroBijec** » 06 pro 2010 09:00

Dobrý den, asi tam bude nějaký hajzlík.

Logfile of random's system information tool 1.08 (written by random/random)
Run by ADMIN at 2010-12-06 08:56:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 447 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:56:05, on 6.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\VTTimer.exe
C:\WINDOWS.0\system32\VTtrayp.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Documents and Settings\ADMIN\Plocha\MIX\Programy\Sys-Programy\startuplist\StartupList.exe
C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 3961 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-09-23 756840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-30 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS.0\system32\VTTimer.exe [2006-09-14 53248]
"VTTrayp"=C:\WINDOWS.0\system32\VTtrayp.exe [2007-04-25 176128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-10-19 66560]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2010-01-08 2002160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS.0\system32\ctfmon.exe [2008-10-19 66560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe [2007-07-04 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS.0\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"McrdSvc"=3
"ehRecvr"=2
"ehSched"=2
"FontCache3.0.0.0"=3
"idsvc"=3
"MSIServer"=3
"mnmsrvc"=3
"CryptSvc"=2
"Browser"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2008-09-24 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=C:\WINDOWS.0\system32\lsass.exe [2008-04-14 13312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS.0\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS.0\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-06 07:56:02 ----D---- C:\Program Files\trend micro
2010-12-06 07:56:01 ----D---- C:\rsit
2010-12-04 13:50:18 ----AD---- C:\WINDOWS.0\VDLL.DLL
2010-12-04 13:50:17 ----AD---- C:\WINDOWS.0\system32\runouce.exe
2010-12-04 13:50:17 ----AD---- C:\WINDOWS.0\rundll16.exe
2010-12-04 13:50:17 ----AD---- C:\WINDOWS.0\RUNDL132.EXE
2010-12-04 13:50:17 ----AD---- C:\WINDOWS.0\logo1_.exe
2010-12-04 13:50:17 ----AD---- C:\WINDOWS.0\logo_1.exe
2010-12-04 13:44:50 ----D---- C:\Program Files\Common Files\MicroWorld
2010-12-04 13:32:58 ----N---- C:\WINDOWS.0\SchedLgU.Txt
2010-12-04 13:32:30 ----A---- C:\WINDOWS.0\system32\msvcr80.dll
2010-12-04 13:32:28 ----A---- C:\WINDOWS.0\system32\msvcp80.dll
2010-12-04 13:32:26 ----A---- C:\WINDOWS.0\system32\eEmpty.exe
2010-12-04 13:32:11 ----A---- C:\WINDOWS.0\system32\T.COM
2010-12-04 13:32:10 ----A---- C:\WINDOWS.0\system32\TASKMGR.COM
2010-12-04 13:32:10 ----A---- C:\WINDOWS.0\REGEDIT.COM
2010-12-04 13:32:10 ----A---- C:\WINDOWS.0\R.COM
2010-12-04 13:31:55 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\MicroWorld
2010-12-04 13:08:58 ----A---- C:\WINDOWS.0\isRS-000.tmp
2010-11-30 02:46:22 ----D---- C:\WINDOWS.0\Sun
2010-11-30 02:44:25 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Sun
2010-11-30 02:43:24 ----A---- C:\WINDOWS.0\system32\javaws.exe
2010-11-30 02:43:24 ----A---- C:\WINDOWS.0\system32\javaw.exe
2010-11-30 02:43:24 ----A---- C:\WINDOWS.0\system32\java.exe
2010-11-30 02:43:24 ----A---- C:\WINDOWS.0\system32\deployJava1.dll
2010-11-30 00:37:27 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Malwarebytes
2010-11-30 00:37:20 ----A---- C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2010-11-30 00:37:15 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2010-11-30 00:37:15 ----A---- C:\WINDOWS.0\system32\drivers\mbam.sys
2010-11-29 20:04:14 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\KC Softwares
2010-11-29 12:48:01 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\skypePM
2010-11-25 23:32:20 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\VitySoft
2010-11-25 23:29:33 ----D---- C:\c2d52d78b3b1ddce3883f3
2010-11-14 14:13:55 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Alwil Software
2010-11-13 17:32:38 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Hoyle FaceCreator
2010-11-13 17:32:33 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Hoyle
2010-11-13 17:30:27 ----A---- C:\WINDOWS.0\system32\D3DX9_37.dll
2010-11-13 17:25:51 ----D---- C:\Program Files\Encore
2010-11-12 22:36:02 ----A---- C:\WINDOWS.0\system32\drivers\USBSTOR.SYS
2010-11-12 20:56:12 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\vlc
2010-11-12 20:26:05 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\SUPERAntiSpyware.com
2010-11-12 20:26:05 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\SUPERAntiSpyware.com
2010-11-12 20:19:12 ----HD---- C:\WINDOWS.0\system32\GroupPolicy
2010-11-12 19:39:55 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\VoipDiscount
2010-11-12 19:08:12 ----RA---- C:\WINDOWS.0\system32\VModes.exe
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\VTTrayp.exe
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\VTTimer.exe
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\VTovrlay.dll
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\VTInfo2.dll
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\vticd.dll
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\VTGamma2.dll
2010-11-12 19:07:09 ----A---- C:\WINDOWS.0\system32\drivers\vtmini.sys
2010-11-12 19:07:08 ----A---- C:\WINDOWS.0\system32\VTDisply.dll
2010-11-12 19:07:08 ----A---- C:\WINDOWS.0\system32\vtdisp.dll
2010-11-12 18:25:02 ----D---- C:\WINDOWS.0\system32\ReinstallBackups
2010-11-12 17:18:01 ----A---- C:\WINDOWS.0\system32\XceedZip.dll
2010-11-12 17:17:59 ----D---- C:\Program Files\Driver-Soft
2010-11-12 17:04:47 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Opera
2010-11-12 17:04:32 ----D---- C:\Program Files\Opera
2010-11-12 16:33:38 ----D---- C:\WINDOWS.0\pss
2010-11-12 15:31:22 ----A---- C:\WINDOWS.0\system32\TURegOpt.exe
2010-11-12 15:31:17 ----A---- C:\WINDOWS.0\system32\uxtuneup.dll
2010-11-12 15:30:31 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\TuneUp Software
2010-11-12 15:29:57 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-11-12 15:29:38 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software
2010-11-12 15:28:54 ----SHD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-11-12 15:21:07 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\WinRAR
2010-11-12 15:07:14 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Macromedia
2010-11-12 15:06:02 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla
2010-11-12 15:05:52 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Adobe
2010-11-12 15:02:48 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Skype
2010-11-12 15:01:05 ----A---- C:\WINDOWS.0\system32\wmpns.dll
2010-11-12 15:01:02 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Identities
2010-11-12 14:58:20 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Notepad++
2010-11-12 14:58:11 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\NVIDIA Corporation
2010-11-12 14:57:57 ----A---- C:\WINDOWS.0\system32\MFC71.dll
2010-11-12 14:57:57 ----A---- C:\WINDOWS.0\system32\DSETUP.dll
2010-11-12 14:57:57 ----A---- C:\WINDOWS.0\system32\atl71.dll
2010-11-12 14:57:56 ----D---- C:\Program Files\NVIDIA Corporation
2010-11-12 14:57:56 ----A---- C:\WINDOWS.0\system32\drivers\pfc.sys
2010-11-12 14:57:56 ----A---- C:\WINDOWS.0\system32\drivers\nvport.sys
2010-11-12 14:57:56 ----A---- C:\WINDOWS.0\system32\DolbyHph.dll
2010-11-12 14:57:41 ----D---- C:\Program Files\Total Commander
2010-11-12 14:57:38 ----D---- C:\Program Files\VisualTaskTips
2010-11-12 14:57:16 ----A---- C:\WINDOWS.0\system32\rmoc3260.dll
2010-11-12 14:57:16 ----A---- C:\WINDOWS.0\system32\pndx5032.dll
2010-11-12 14:57:16 ----A---- C:\WINDOWS.0\system32\pndx5016.dll
2010-11-12 14:57:16 ----A---- C:\WINDOWS.0\system32\pncrt.dll
2010-11-12 14:57:15 ----A---- C:\WINDOWS.0\system32\unrar.dll
2010-11-12 14:57:14 ----A---- C:\WINDOWS.0\avisplitter.ini
2010-11-12 14:57:12 ----A---- C:\WINDOWS.0\system32\yv12vfw.dll
2010-11-12 14:57:12 ----A---- C:\WINDOWS.0\system32\xvidvfw.dll
2010-11-12 14:57:12 ----A---- C:\WINDOWS.0\system32\xvidcore.dll
2010-11-12 14:57:11 ----A---- C:\WINDOWS.0\system32\qt-dx331.dll
2010-11-12 14:57:11 ----A---- C:\WINDOWS.0\system32\dpl100.dll
2010-11-12 14:57:11 ----A---- C:\WINDOWS.0\system32\divx.dll
2010-11-12 14:57:10 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll.manifest
2010-11-12 14:57:10 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll
2010-11-12 14:57:09 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Real
2010-11-12 14:57:09 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Real
2010-11-12 14:57:09 ----A---- C:\WINDOWS.0\system32\msvcr71.dll
2010-11-12 14:57:09 ----A---- C:\WINDOWS.0\system32\msvcp71.dll
2010-11-12 14:55:04 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Adobe
2010-11-12 14:53:10 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Google
2010-11-12 14:53:08 ----D---- C:\Program Files\QIP
2010-11-12 14:53:01 ----D---- C:\Program Files\Google
2010-11-12 14:52:30 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Skype
2010-11-12 14:51:20 ----D---- C:\Program Files\IEPro
2010-11-12 14:50:42 ----N---- C:\WINDOWS.0\system32\spmsg2.dll
2010-11-12 14:50:37 ----HDC---- C:\WINDOWS.0\$NtUninstallXPSEPSCLP$
2010-11-12 14:48:24 ----D---- C:\WINDOWS.0\system32\XPSViewer
2010-11-12 14:48:21 ----D---- C:\Program Files\MSBuild
2010-11-12 14:48:20 ----D---- C:\WINDOWS.0\system32\en-US
2010-11-12 14:47:31 ----N---- C:\WINDOWS.0\system32\xpssvcs.dll
2010-11-12 14:47:31 ----N---- C:\WINDOWS.0\system32\xpsshhdr.dll
2010-11-12 14:47:31 ----N---- C:\WINDOWS.0\system32\prntvpt.dll
2010-11-12 14:47:30 ----D---- C:\a7df356ddad3a0cec6e67fd8ee5b5624
2010-11-12 14:45:42 ----A---- C:\WINDOWS.0\system32\h323log.txt
2010-11-12 14:45:07 ----A---- C:\WINDOWS.0\system32\drivers\NABTSFEC.sys
2010-11-12 14:45:06 ----A---- C:\WINDOWS.0\system32\drivers\splitter.sys
2010-11-12 14:45:04 ----A---- C:\WINDOWS.0\system32\drivers\aec.sys
2010-11-12 14:45:02 ----A---- C:\WINDOWS.0\system32\drivers\NdisIP.sys
2010-11-12 14:45:00 ----A---- C:\WINDOWS.0\system32\drivers\CCDECODE.sys
2010-11-12 14:44:58 ----A---- C:\WINDOWS.0\system32\drivers\swmidi.sys
2010-11-12 14:44:57 ----A---- C:\WINDOWS.0\system32\drivers\WSTCODEC.SYS
2010-11-12 14:44:55 ----A---- C:\WINDOWS.0\system32\drivers\DMusic.sys
2010-11-12 14:44:53 ----A---- C:\WINDOWS.0\system32\drivers\MSKSSRV.sys
2010-11-12 14:44:51 ----A---- C:\WINDOWS.0\system32\drivers\MSPCLOCK.sys
2010-11-12 14:44:50 ----A---- C:\WINDOWS.0\system32\drivers\drmkaud.sys
2010-11-12 14:44:48 ----A---- C:\WINDOWS.0\system32\drivers\MSPQM.sys
2010-11-12 14:44:47 ----A---- C:\WINDOWS.0\system32\drivers\sysaudio.sys
2010-11-12 14:44:45 ----A---- C:\WINDOWS.0\system32\drivers\StreamIP.sys
2010-11-12 14:44:43 ----A---- C:\WINDOWS.0\system32\drivers\wdmaud.sys
2010-11-12 14:44:42 ----A---- C:\WINDOWS.0\system32\drivers\kmixer.sys
2010-11-12 14:44:40 ----A---- C:\WINDOWS.0\system32\drivers\SLIP.sys
2010-11-12 14:44:07 ----A---- C:\WINDOWS.0\system32\vfwwdm32.dll
2010-11-12 14:44:04 ----A---- C:\WINDOWS.0\system32\LVUI2RC.dll
2010-11-12 14:44:04 ----A---- C:\WINDOWS.0\system32\LVUI2.dll
2010-11-12 14:44:03 ----A---- C:\WINDOWS.0\system32\LVCodec2.dll
2010-11-12 14:44:02 ----A---- C:\WINDOWS.0\system32\ksuser.dll
2010-11-12 14:44:02 ----A---- C:\WINDOWS.0\system32\drivers\USBAUDIO.sys
2010-11-12 14:44:02 ----A---- C:\WINDOWS.0\system32\drivers\portcls.sys
2010-11-12 14:44:01 ----A---- C:\WINDOWS.0\system32\drivers\drmk.sys
2010-11-12 14:43:42 ----A---- C:\WINDOWS.0\system32\drivers\redbook.sys
2010-11-12 14:42:42 ----A---- C:\WINDOWS.0\system32\drivers\enum1394.sys
2010-11-12 14:42:38 ----A---- C:\WINDOWS.0\system32\drivers\fetnd5.sys
2010-11-12 14:42:35 ----A---- C:\WINDOWS.0\system32\usbui.dll
2010-11-12 14:42:26 ----A---- C:\WINDOWS.0\system32\drivers\GAGP30KX.SYS
2010-11-12 14:42:14 ----D---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Sun
2010-11-12 14:38:17 ----SHD---- C:\WINDOWS.0\Installer
2010-11-12 14:38:17 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2010-11-12 14:38:16 ----A---- C:\WINDOWS.0\ODBCINST.INI
2010-11-12 14:38:01 ----RA---- C:\WINDOWS.0\system32\kbdtuq.dll
2010-11-12 14:38:01 ----RA---- C:\WINDOWS.0\system32\kbdazel.dll
2010-11-12 14:38:00 ----RA---- C:\WINDOWS.0\system32\kbdtuf.dll
2010-11-12 14:37:58 ----RA---- C:\WINDOWS.0\system32\kbdkyr.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdycc.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbduzb.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdur.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdtat.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdru1.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdmon.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdkaz.dll
2010-11-12 14:37:57 ----RA---- C:\WINDOWS.0\system32\kbdaze.dll
2010-11-12 14:37:56 ----RA---- C:\WINDOWS.0\system32\kbdru.dll
2010-11-12 14:37:56 ----RA---- C:\WINDOWS.0\system32\kbdbu.dll
2010-11-12 14:37:56 ----RA---- C:\WINDOWS.0\system32\kbdblr.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdhept.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdhela3.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdhela2.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdhe319.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdhe220.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdhe.dll
2010-11-12 14:37:53 ----RA---- C:\WINDOWS.0\system32\kbdgkl.dll
2010-11-12 14:37:50 ----RA---- C:\WINDOWS.0\system32\kbdlv1.dll
2010-11-12 14:37:50 ----RA---- C:\WINDOWS.0\system32\kbdlv.dll
2010-11-12 14:37:50 ----RA---- C:\WINDOWS.0\system32\kbdlt1.dll
2010-11-12 14:37:50 ----RA---- C:\WINDOWS.0\system32\kbdlt.dll
2010-11-12 14:37:50 ----RA---- C:\WINDOWS.0\system32\kbdest.dll
2010-11-12 14:37:38 ----RA---- C:\WINDOWS.0\system32\kbdsl1.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdycl.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdsl.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdro.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdpl1.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdpl.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdhu1.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdhu.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\kbdcr.dll
2010-11-12 14:37:37 ----RA---- C:\WINDOWS.0\system32\KBDAL.DLL
2010-11-12 14:37:33 ----A---- C:\WINDOWS.0\system32\spxcoins.dll
2010-11-12 14:37:33 ----A---- C:\WINDOWS.0\system32\irclass.dll
2010-11-12 14:37:33 ----A---- C:\WINDOWS.0\system32\EqnClass.Dll
2010-11-12 14:37:33 ----A---- C:\WINDOWS.0\system32\dgsetup.dll
2010-11-12 14:37:33 ----A---- C:\WINDOWS.0\system32\dgrpsetu.dll
2010-11-12 14:37:29 ----N---- C:\WINDOWS.0\system32\CONFIG.TMP
2010-11-12 14:37:29 ----A---- C:\WINDOWS.0\TASKMAN.EXE
2010-11-12 14:37:28 ----A---- C:\WINDOWS.0\system32\drivers\irenum.sys
2010-11-12 14:37:28 ----A---- C:\WINDOWS.0\system32\batt.dll
2010-11-12 14:37:27 ----A---- C:\WINDOWS.0\system32\storprop.dll
2010-11-12 14:37:17 ----ASH---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\desktop.ini
2010-11-12 14:37:08 ----RA---- C:\WINDOWS.0\SET8.tmp
2010-11-12 14:37:05 ----RA---- C:\WINDOWS.0\SET4.tmp
2010-11-12 14:37:03 ----RA---- C:\WINDOWS.0\SET3.tmp
2010-11-12 14:36:57 ----D---- C:\WINDOWS.0\system32\CatRoot2
2010-11-12 14:36:57 ----D---- C:\WINDOWS.0\system32\CatRoot
2010-11-12 14:36:51 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Microsoft
2010-11-12 14:28:33 ----A---- C:\WINDOWS.0\system32\drivers\audstub.sys
2010-11-12 14:27:44 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Windows Genuine Advantage
2010-11-12 14:27:27 ----ASH---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\desktop.ini
2010-11-12 14:27:26 ----SD---- C:\Documents and Settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Microsoft
2010-11-12 14:25:54 ----A---- C:\WINDOWS.0\system32\drivers\LVUSBSta.sys
2010-11-12 14:25:53 ----A---- C:\WINDOWS.0\system32\drivers\LV302AV.SYS
2010-11-12 14:25:53 ----A---- C:\WINDOWS.0\system32\drivers\lv302af.sys
2010-11-12 14:25:49 ----A---- C:\WINDOWS.0\system32\lvcoinst.dll
2010-11-12 14:25:30 ----A---- C:\WINDOWS.0\system32\lvcoinst.ini
2010-11-12 14:25:04 ----D---- C:\WINDOWS.0\system32\SoftwareDistribution
2010-11-12 14:23:26 ----D---- C:\WINDOWS.0\IIS Temporary Compressed Files
2010-11-12 14:22:40 ----D---- C:\WINDOWS.0\Prefetch
2010-11-12 14:22:16 ----A---- C:\WINDOWS.0\system32\drivers\point32.sys
2010-11-12 14:22:16 ----A---- C:\WINDOWS.0\system32\drivers\L8042Kbd.sys
2010-11-12 14:16:18 ----D---- C:\WINDOWS.0\system32\xircom
2010-11-12 14:15:34 ----D---- C:\Program Files\Microsoft Games
2010-11-12 14:15:02 ----D---- C:\Program Files\Vista Components
2010-11-12 14:14:23 ----D---- C:\Program Files\Alky for Applications
2010-11-12 14:12:00 ----D---- C:\WINDOWS.0\system32\URTTemp
2010-11-12 14:11:52 ----RSD---- C:\WINDOWS.0\assembly
2010-11-12 14:11:14 ----D---- C:\Program Files\Microsoft Silverlight
2010-11-12 14:10:30 ----D---- C:\WINDOWS.0\system32\PreInstall
2010-11-12 14:10:29 ----HD---- C:\WINDOWS.0\$hf_mig$
2010-11-12 14:10:09 ----N---- C:\WINDOWS.0\system32\spmsg.dll
2010-11-12 14:10:09 ----A---- C:\WINDOWS.0\system32\spupdsvc.exe
2010-11-12 14:09:53 ----N---- C:\AUTOEXEC.BAT
2010-11-12 14:09:53 ----A---- C:\WINDOWS.0\control.ini
2010-11-12 14:09:24 ----A---- C:\WINDOWS.0\system32\mapi32.dll
2010-11-12 14:09:13 ----SD---- C:\WINDOWS.0\Downloaded Program Files
2010-11-12 14:09:13 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2010-11-12 14:09:13 ----RSD---- C:\WINDOWS.0\Fonts
2010-11-12 14:09:13 ----RD---- C:\WINDOWS.0\Web
2010-11-12 14:09:13 ----HD---- C:\WINDOWS.0\inf
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\WinSxS
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\WBEM
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\twain_32
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Temp
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\wins
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\wbem
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\usmt
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\spool
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\ShellExt
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\Setup
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\ras
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\oobe
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\npp
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\mui
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\inetsrv
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\IME
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\icsxml
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\ias
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\export
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\drivers\UMDF
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\drivers\etc
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\drivers\disdn
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\drivers
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\dhcp
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\cs-cz
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\cs
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\config
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\3com_dmi
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\3076
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\2052
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1054
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1042
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1041
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1037
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1033
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1031
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1029
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1028
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32\1025
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system32
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\system
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\SoftwareDistribution
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\security
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Resources
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\repair
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Provisioning
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\pchealth
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\PeerNet
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Offline Web Pages
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Network Diagnostic
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\mui
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\msapps
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\msagent
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Media
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\L2Schemas
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\java
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\ime
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Help
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\ehome
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Driver Cache
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Debug
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Cursors
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Connection Wizard
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\Config
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\AppPatch
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0\addins
2010-11-12 14:09:13 ----D---- C:\WINDOWS.0
2010-11-12 14:09:13 ----ASH---- C:\pagefile.sys
2010-11-12 14:07:24 ----RAH---- C:\WINDOWS.0\system32\logonui.exe.manifest
2010-11-12 14:07:17 ----RAH---- C:\WINDOWS.0\system32\cdplayer.exe.manifest
2010-11-12 14:07:01 ----D---- C:\Program Files\Online Services
2010-11-12 14:06:20 ----D---- C:\WINDOWS.0\system32\DirectX
2010-11-12 14:06:07 ----A---- C:\WINDOWS.0\system32\atrace.dll
2010-11-12 14:06:04 ----A---- C:\WINDOWS.0\system32\desktop.ini
2010-11-12 14:06:03 ----A---- C:\WINDOWS.0\desktop.ini
2010-11-12 14:05:52 ----A---- C:\WINDOWS.0\system32\nmevtmsg.dll
2010-11-12 14:05:50 ----A---- C:\WINDOWS.0\system32\acctres.dll
2010-11-12 14:05:42 ----SD---- C:\WINDOWS.0\Tasks
2010-11-12 14:05:42 ----A---- C:\WINDOWS.0\system32\icfgnt5.dll
2010-11-12 14:05:33 ----D---- C:\WINDOWS.0\srchasst
2010-11-12 14:05:32 ----D---- C:\WINDOWS.0\system32\Macromed
2010-11-12 14:05:30 ----A---- C:\WINDOWS.0\system32\wuweb.dll
2010-11-12 14:05:29 ----A---- C:\WINDOWS.0\system32\wups.dll
2010-11-12 14:05:29 ----A---- C:\WINDOWS.0\system32\wucltui.dll
2010-11-12 14:05:29 ----A---- C:\WINDOWS.0\system32\wuauserv.dll
2010-11-12 14:05:29 ----A---- C:\WINDOWS.0\system32\wuaueng1.dll
2010-11-12 14:05:29 ----A---- C:\WINDOWS.0\system32\wuaueng.dll
2010-11-12 14:05:28 ----A---- C:\WINDOWS.0\system32\wuauclt1.exe
2010-11-12 14:05:28 ----A---- C:\WINDOWS.0\system32\wuauclt.exe
2010-11-12 14:05:28 ----A---- C:\WINDOWS.0\system32\wuapi.dll
2010-11-12 14:05:28 ----A---- C:\WINDOWS.0\system32\bitsprx4.dll
2010-11-12 14:05:28 ----A---- C:\WINDOWS.0\system32\bitsprx3.dll
2010-11-12 14:05:27 ----A---- C:\WINDOWS.0\system32\qmgrprxy.dll
2010-11-12 14:05:27 ----A---- C:\WINDOWS.0\system32\qmgr.dll
2010-11-12 14:05:27 ----A---- C:\WINDOWS.0\system32\bitsprx2.dll
2010-11-12 14:04:44 ----A---- C:\WINDOWS.0\system32\safrslv.dll
2010-11-12 14:04:44 ----A---- C:\WINDOWS.0\system32\safrdm.dll
2010-11-12 14:04:44 ----A---- C:\WINDOWS.0\system32\safrcdlg.dll
2010-11-12 14:04:44 ----A---- C:\WINDOWS.0\system32\racpldlg.dll
2010-11-12 14:04:39 ----A---- C:\WINDOWS.0\system32\fltMc.exe
2010-11-12 14:04:39 ----A---- C:\WINDOWS.0\system32\fltlib.dll
2010-11-12 14:04:39 ----A---- C:\WINDOWS.0\system32\drivers\fltMgr.sys
2010-11-12 14:04:38 ----D---- C:\WINDOWS.0\system32\Restore
2010-11-12 14:04:38 ----A---- C:\WINDOWS.0\system32\srsvc.dll
2010-11-12 14:04:38 ----A---- C:\WINDOWS.0\system32\srrstr.dll
2010-11-12 14:04:38 ----A---- C:\WINDOWS.0\system32\srclient.dll
2010-11-12 14:04:38 ----A---- C:\WINDOWS.0\system32\drivers\sr.sys
2010-11-12 14:04:37 ----A---- C:\WINDOWS.0\system32\isrdbg32.dll
2010-11-12 14:04:37 ----A---- C:\WINDOWS.0\system32\ils.dll
2010-11-12 14:04:36 ----A---- C:\WINDOWS.0\system32\nmmkcert.dll
2010-11-12 14:04:36 ----A---- C:\WINDOWS.0\system32\mnmsrvc.exe
2010-11-12 14:04:36 ----A---- C:\WINDOWS.0\system32\mnmdd.dll
2010-11-12 14:04:35 ----A---- C:\WINDOWS.0\system32\msconf.dll
2010-11-12 14:04:30 ----A---- C:\WINDOWS.0\system32\msoert2.dll
2010-11-12 14:04:30 ----A---- C:\WINDOWS.0\system32\msoeacct.dll
2010-11-12 14:04:28 ----A---- C:\WINDOWS.0\system32\inetres.dll
2010-11-12 14:04:27 ----A---- C:\WINDOWS.0\system32\inetcomm.dll
2010-11-12 14:04:25 ----A---- C:\WINDOWS.0\system32\schedsvc.dll
2010-11-12 14:04:25 ----A---- C:\WINDOWS.0\system32\mstinit.exe
2010-11-12 14:04:24 ----A---- C:\WINDOWS.0\system32\mstask.dll
2010-11-12 14:04:23 ----A---- C:\WINDOWS.0\system32\isign32.dll
2010-11-12 14:04:23 ----A---- C:\WINDOWS.0\system32\inetcfg.dll
2010-11-12 14:04:23 ----A---- C:\WINDOWS.0\system32\icwphbk.dll
2010-11-12 14:04:23 ----A---- C:\WINDOWS.0\system32\icwdial.dll
2010-11-12 14:02:51 ----D---- C:\Program Files\ComPlus Applications
2010-11-12 14:02:49 ----A---- C:\WINDOWS.0\vbaddin.ini
2010-11-12 14:02:49 ----A---- C:\WINDOWS.0\vb.ini
2010-11-12 14:02:42 ----D---- C:\WINDOWS.0\Registration
2010-11-12 14:02:31 ----SD---- C:\WINDOWS.0\system32\Microsoft
2010-11-12 14:02:30 ----D---- C:\WINDOWS.0\system32\Cache
2010-11-12 13:59:20 ----D---- C:\Program Files\VistaExperience.org
2010-11-12 13:56:53 ----D---- C:\Program Files\Windows Sidebar
2010-11-12 13:56:04 ----D---- C:\Program Files\Windows Plus
2010-11-12 13:55:48 ----A---- C:\WINDOWS.0\system32\drivers\pxhelp20.sys
2010-11-12 13:55:38 ----D---- C:\Program Files\Windows Media Connect 2
2010-11-12 13:54:34 ----D---- C:\WINDOWS.0\Microsoft.NET
2010-11-12 13:54:25 ----A---- C:\WINDOWS.0\system32\drivers\mhndrv.sys
2010-11-12 13:53:41 ----A---- C:\WINDOWS.0\system32\mhn.dll
2010-11-12 13:53:41 ----A---- C:\WINDOWS.0\system32\igdetect.dll
2010-11-12 13:52:27 ----D---- C:\Program Files\Messenger
2010-11-12 13:52:23 ----A---- C:\WINDOWS.0\system32\w3svapi.dll
2010-11-12 13:52:23 ----A---- C:\WINDOWS.0\system32\w3ctrs.ini
2010-11-12 13:52:23 ----A---- C:\WINDOWS.0\system32\w3ctrs.dll
2010-11-12 13:52:23 ----A---- C:\WINDOWS.0\system32\axperf.ini
2010-11-12 13:52:23 ----A---- C:\WINDOWS.0\system32\aspperf.dll
2010-11-12 13:52:22 ----A---- C:\WINDOWS.0\system32\iisrstap.dll
2010-11-12 13:52:22 ----A---- C:\WINDOWS.0\system32\iisreset.exe
2010-11-12 13:52:22 ----A---- C:\WINDOWS.0\system32\ftpsapi2.dll
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\wamregps.dll
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\infoctrs.ini
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\infoctrs.dll
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\inetsloc.dll
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\iismui.dll
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\convlog.exe
2010-11-12 13:52:21 ----A---- C:\WINDOWS.0\system32\admxprox.dll
2010-11-12 13:52:15 ----A---- C:\WINDOWS.0\system32\write.exe
2010-11-12 13:51:46 ----A---- C:\WINDOWS.0\system32\sndvol32.exe
2010-11-12 13:51:46 ----A---- C:\WINDOWS.0\system32\hticons.dll
2010-11-12 13:51:45 ----A---- C:\WINDOWS.0\system32\avwav.dll
2010-11-12 13:51:45 ----A---- C:\WINDOWS.0\system32\avtapi.dll
2010-11-12 13:51:45 ----A---- C:\WINDOWS.0\system32\avmeter.dll
2010-11-12 13:51:44 ----A---- C:\WINDOWS.0\system32\winchat.exe
2010-11-12 13:51:27 ----A---- C:\WINDOWS.0\system32\charmap.exe
2010-11-12 13:51:27 ----A---- C:\WINDOWS.0\system32\getuname.dll
2010-11-12 13:51:26 ----A---- C:\WINDOWS.0\system32\sol.exe
2010-11-12 13:51:25 ----A---- C:\WINDOWS.0\system32\winmine.exe
2010-11-12 13:51:25 ----A---- C:\WINDOWS.0\system32\mshearts.exe
2010-11-12 13:51:24 ----A---- C:\WINDOWS.0\system32\usrlogon.cmd
2010-11-12 13:51:24 ----A---- C:\WINDOWS.0\system32\tskill.exe
2010-11-12 13:51:24 ----A---- C:\WINDOWS.0\system32\reset.exe
2010-11-12 13:51:24 ----A---- C:\WINDOWS.0\system32\freecell.exe
2010-11-12 13:51:23 ----A---- C:\WINDOWS.0\system32\tsshutdn.exe
2010-11-12 13:51:23 ----A---- C:\WINDOWS.0\system32\tslabels.ini
2010-11-12 13:51:23 ----A---- C:\WINDOWS.0\system32\tsdiscon.exe
2010-11-12 13:51:23 ----A---- C:\WINDOWS.0\system32\tscon.exe
2010-11-12 13:51:23 ----A---- C:\WINDOWS.0\system32\shadow.exe
2010-11-12 13:51:23 ----A---- C:\WINDOWS.0\system32\rwinsta.exe
2010-11-12 13:51:22 ----A---- C:\WINDOWS.0\system32\regini.exe
2010-11-12 13:51:22 ----A---- C:\WINDOWS.0\system32\rdpcfgex.dll
2010-11-12 13:51:22 ----A---- C:\WINDOWS.0\system32\qwinsta.exe
2010-11-12 13:51:22 ----A---- C:\WINDOWS.0\system32\qappsrv.exe
2010-11-12 13:51:22 ----A---- C:\WINDOWS.0\system32\msg.exe
2010-11-12 13:51:21 ----A---- C:\WINDOWS.0\system32\msdtcprf.ini
2010-11-12 13:51:21 ----A---- C:\WINDOWS.0\system32\logoff.exe
2010-11-12 13:51:21 ----A---- C:\WINDOWS.0\system32\cdmodem.dll
2010-11-12 13:51:08 ----A---- C:\WINDOWS.0\system32\wmimgmt.msc
2010-11-12 13:51:06 ----A---- C:\WINDOWS.0\system32\smtpapi.dll
2010-11-12 13:51:05 ----A---- C:\WINDOWS.0\system32\rwnh.dll
2010-11-12 13:51:05 ----A---- C:\WINDOWS.0\system32\iisext.dll
2010-11-12 13:51:05 ----A---- C:\WINDOWS.0\system32\adsiis.dll
2010-11-12 13:51:04 ----A---- C:\WINDOWS.0\system32\infoadmn.dll
2010-11-12 13:51:04 ----A---- C:\WINDOWS.0\system32\iisRtl.dll
2010-11-12 13:51:04 ----A---- C:\WINDOWS.0\system32\iismap.dll
2010-11-12 13:51:04 ----A---- C:\WINDOWS.0\system32\exstrace.dll
2010-11-12 13:51:04 ----A---- C:\WINDOWS.0\system32\admwprox.dll
2010-11-12 13:51:02 ----A---- C:\WINDOWS.0\system32\staxmem.dll
2010-11-12 13:51:00 ----A---- C:\WINDOWS.0\system32\sndrec32.exe
2010-11-12 13:51:00 ----A---- C:\WINDOWS.0\system32\mplay32.exe
2010-11-12 13:51:00 ----A---- C:\WINDOWS.0\system32\hypertrm.dll
2010-11-12 13:51:00 ----A---- C:\WINDOWS.0\system32\accwiz.exe
2010-11-12 13:50:58 ----A---- C:\WINDOWS.0\system32\spider.exe
2010-11-12 13:50:58 ----A---- C:\WINDOWS.0\system32\clipbrd.exe
2010-11-12 13:50:57 ----A---- C:\WINDOWS.0\system32\drivers\tdtcp.sys
2010-11-12 13:50:57 ----A---- C:\WINDOWS.0\system32\drivers\tdpipe.sys
2010-11-12 13:50:56 ----A---- C:\WINDOWS.0\system32\tsgqec.dll
2010-11-12 13:50:56 ----A---- C:\WINDOWS.0\system32\tscfgwmi.dll
2010-11-12 13:50:56 ----A---- C:\WINDOWS.0\system32\rhttpaa.dll
2010-11-12 13:50:56 ----A---- C:\WINDOWS.0\system32\drivers\rdpwd.sys
2010-11-12 13:50:56 ----A---- C:\WINDOWS.0\system32\aaclient.dll
2010-11-12 13:50:55 ----A---- C:\WINDOWS.0\system32\mstscax.dll
2010-11-12 13:50:55 ----A---- C:\WINDOWS.0\system32\mstsc.exe
2010-11-12 13:50:54 ----A---- C:\WINDOWS.0\system32\sessmgr.exe
2010-11-12 13:50:54 ----A---- C:\WINDOWS.0\system32\remotepg.dll
2010-11-12 13:50:54 ----A---- C:\WINDOWS.0\system32\rdshost.exe
2010-11-12 13:50:54 ----A---- C:\WINDOWS.0\system32\rdsaddin.exe
2010-11-12 13:50:54 ----A---- C:\WINDOWS.0\system32\rdchost.dll
2010-11-12 13:50:53 ----A---- C:\WINDOWS.0\system32\termsrv.dll
2010-11-12 13:50:53 ----A---- C:\WINDOWS.0\system32\rdpwsx.dll
2010-11-12 13:50:53 ----A---- C:\WINDOWS.0\system32\rdpsnd.dll
2010-11-12 13:50:53 ----A---- C:\WINDOWS.0\system32\rdpclip.exe
2010-11-12 13:50:53 ----A---- C:\WINDOWS.0\system32\qprocess.exe
2010-11-12 13:50:53 ----A---- C:\WINDOWS.0\system32\icaapi.dll
2010-11-12 13:50:52 ----D---- C:\WINDOWS.0\system32\MsDtc
2010-11-12 13:50:52 ----A---- C:\WINDOWS.0\system32\mtxoci.dll
2010-11-12 13:50:52 ----A---- C:\WINDOWS.0\system32\msdtcuiu.dll
2010-11-12 13:50:52 ----A---- C:\WINDOWS.0\system32\msdtcprx.dll
2010-11-12 13:50:52 ----A---- C:\WINDOWS.0\system32\cfgbkend.dll
2010-11-12 13:50:51 ----A---- C:\WINDOWS.0\system32\xolehlp.dll
2010-11-12 13:50:51 ----A---- C:\WINDOWS.0\system32\msdtctm.dll
2010-11-12 13:50:51 ----A---- C:\WINDOWS.0\system32\msdtclog.dll
2010-11-12 13:50:51 ----A---- C:\WINDOWS.0\system32\msdtc.exe
2010-11-12 13:50:50 ----A---- C:\WINDOWS.0\system32\mtxlegih.dll
2010-11-12 13:50:50 ----A---- C:\WINDOWS.0\system32\mtxex.dll
2010-11-12 13:50:50 ----A---- C:\WINDOWS.0\system32\dcomcnfg.exe
2010-11-12 13:50:49 ----D---- C:\WINDOWS.0\system32\Com
2010-11-12 13:50:49 ----A---- C:\WINDOWS.0\system32\stclient.dll
2010-11-12 13:50:49 ----A---- C:\WINDOWS.0\system32\mtxdm.dll
2010-11-12 13:50:49 ----A---- C:\WINDOWS.0\system32\comrepl.dll
2010-11-12 13:50:49 ----A---- C:\WINDOWS.0\system32\comaddin.dll
2010-11-12 13:50:49 ----A---- C:\WINDOWS.0\system32\colbact.dll
2010-11-12 13:50:48 ----A---- C:\WINDOWS.0\system32\comsvcs.dll
2010-11-12 13:50:48 ----A---- C:\WINDOWS.0\system32\clbcatex.dll
2010-11-12 13:50:48 ----A---- C:\WINDOWS.0\system32\catsrvut.dll
2010-11-12 13:50:48 ----A---- C:\WINDOWS.0\system32\catsrvps.dll
2010-11-12 13:50:48 ----A---- C:\WINDOWS.0\system32\catsrv.dll
2010-11-12 13:50:47 ----A---- C:\WINDOWS.0\system32\comuid.dll
2010-11-12 13:50:47 ----A---- C:\WINDOWS.0\system32\comsnap.dll
2010-11-12 13:50:47 ----A---- C:\WINDOWS.0\system32\clbcatq.dll
2010-11-12 13:50:36 ----A---- C:\WINDOWS.0\system32\servdeps.dll
2010-11-12 13:50:36 ----A---- C:\WINDOWS.0\system32\mmfutil.dll
2010-11-12 13:50:36 ----A---- C:\WINDOWS.0\system32\licwmi.dll
2010-11-12 13:50:36 ----A---- C:\WINDOWS.0\system32\cmprops.dll
2010-11-12 13:50:33 ----A---- C:\WINDOWS.0\system32\drivers\termdd.sys
2010-11-12 13:50:33 ----A---- C:\WINDOWS.0\system32\drivers\rdpdr.sys
2010-11-12 13:50:30 ----D---- C:\WINDOWS.0\system32\Logfiles
2010-11-12 13:50:30 ----D---- C:\Inetpub

======List of files/folders modified in the last 1 months======

2010-12-06 07:56:02 ----RD---- C:\Program Files
2010-12-06 07:50:49 ----D---- C:\Program Files\SpeedFan
2010-12-06 07:25:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-04 13:44:50 ----D---- C:\Program Files\Common Files
2010-12-03 09:20:39 ----SHD---- C:\System Volume Information
2010-12-02 19:20:28 ----D---- C:\Program Files\Mozilla Firefox
2010-11-30 16:08:08 ----D---- C:\Program Files\Top Password
2010-11-30 02:14:37 ----D---- C:\QIP Infium JadrisPack
2010-11-30 02:14:37 ----D---- C:\Program Files\Moon Phase Calculator
2010-11-30 02:14:36 ----D---- C:\Program Files\Vegas Strip
2010-11-30 02:14:36 ----D---- C:\Program Files\Super Fast Shutdown
2010-11-30 02:14:36 ----D---- C:\Program Files\Prism Casino
2010-11-30 02:14:36 ----D---- C:\Program Files\Invisible Secrets 4
2010-11-30 02:14:36 ----D---- C:\Program Files\Common Files\eBay
2010-11-12 20:48:27 ----D---- C:\Documents and Settings
2010-11-12 20:21:07 ----D---- C:\Program Files\CCleaner
2010-11-12 20:00:02 ----D---- C:\Program Files\Notepad++
2010-11-12 18:29:15 ----D---- C:\Program Files\Common Files\LogiShrd
2010-11-12 16:36:05 ----SH---- C:\boot.ini
2010-11-12 16:36:05 ----A---- C:\WINDOWS.0\win.ini
2010-11-12 16:36:05 ----A---- C:\WINDOWS.0\system.ini
2010-11-12 15:21:50 ----SHD---- C:\RECYCLER
2010-11-12 14:57:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-12 14:57:26 ----D---- C:\Program Files\K-Lite Codec Pack
2010-11-12 14:56:21 ----D---- C:\Program Files\IrfanView
2010-11-12 14:52:56 ----RD---- C:\Program Files\Skype
2010-11-12 14:52:23 ----D---- C:\Program Files\WinRAR
2010-11-12 14:42:47 ----D---- C:\Program Files\Java
2010-11-12 14:42:23 ----D---- C:\Program Files\Common Files\Java
2010-11-12 14:12:14 ----D---- C:\Program Files\Internet Explorer
2010-11-12 14:08:38 ----ASH---- C:\WINDOWS.0\fonts\desktop.ini
2010-11-12 14:05:53 ----D---- C:\Program Files\Windows Media Player
2010-11-12 14:05:52 ----D---- C:\Program Files\NetMeeting
2010-11-12 14:05:50 ----D---- C:\Program Files\Common Files\Services
2010-11-12 14:05:43 ----D---- C:\Program Files\Outlook Express
2010-11-12 14:05:25 ----D---- C:\Program Files\Movie Maker
2010-11-12 14:04:29 ----D---- C:\Program Files\Common Files\System
2010-11-12 13:51:46 ----D---- C:\Program Files\Windows NT
2010-11-10 19:43:54 ----AD---- C:\WINDOWS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS.0\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 giveio;giveio; C:\WINDOWS.0\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS.0\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 speedfan;speedfan; C:\WINDOWS.0\system32\speedfan.sys [2006-09-24 5248]
R0 VIAMRAID;VIAMRAID; C:\WINDOWS.0\system32\DRIVERS\viamraid.sys [2005-04-27 60928]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS.0\system32\Drivers\nvport.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 aracpi;aracpi; C:\WINDOWS.0\system32\DRIVERS\aracpi.sys [2008-11-05 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS.0\system32\DRIVERS\arkbcfltr.sys [2008-11-05 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS.0\system32\DRIVERS\armoucfltr.sys [2008-11-05 4992]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS.0\system32\DRIVERS\arpolicy.sys [2008-11-05 10112]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS.0\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS.0\system32\drivers\lvusbsta.sys [2006-12-14 41248]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pepifilter;Volume Adapter; C:\WINDOWS.0\system32\DRIVERS\lv302af.sys [2006-12-14 14240]
R3 pfc;Padus ASPI Shell; C:\WINDOWS.0\system32\drivers\pfc.sys [2006-03-29 9856]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS.0\system32\DRIVERS\LV302AV.SYS [2005-12-05 916096]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS.0\system32\DRIVERS\vtmini.sys [2007-04-28 283904]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS.0\system32\drivers\vinyl97.sys [2007-06-27 207488]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS.0\system32\DRIVERS\arhidfltr.sys [2008-11-05 19200]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;Ovladač platformy MHN; C:\WINDOWS.0\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS.0\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2008-09-23 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2008-09-23 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IISADMIN;Správa služby IIS; C:\WINDOWS.0\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-30 153376]
S3 ARSVC;ARSVC; C:\WINDOWS.0\arservice.exe [2008-11-05 58880]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-11-12 435008]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S3 W3SVC;Publikování na webu; C:\WINDOWS.0\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S4 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS.0\eHome\ehRecvr.exe [2008-10-10 238592]
S4 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS.0\eHome\ehSched.exe [2005-08-05 103424]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS.0\ehome\mcrdsvc.exe [2005-08-05 99328]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 06 pro 2010 09:24

Dobré ranko

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

ViroBijec · #3 Příspěvek od **ViroBijec** » 06 pro 2010 09:57

Detekován rootkit...
Také dobré "ránko"...

ComboFix 10-12-04.03 - ADMIN 06.12.2010 9:44.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.447.227 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN.PC-8D650F7FBB56\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADMIN\Data aplikací\WindowsApplication1
c:\documents and settings\ADMIN\Data aplikací\WindowsApplication1\WindowsApplication1.config
c:\documents and settings\All Users.WINDOWS.0\Dokumenty\Server\admin.txt
c:\program files\WinPCap
c:\program files\WinPCap\install.log
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows.0\regedit.com
c:\windows.0\system32\Cache
c:\windows.0\system32\taskmgr.com

c:\windows.0\explorer.exe . . . je infikován!!

c:\windows.0\system32\winlogon.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-06 06:56 . 2010-12-06 07:56 -------- d-----w- c:\program files\trend micro
2010-12-06 06:56 . 2010-12-06 06:56 -------- d-----w- C:\rsit
2010-12-04 12:44 . 2010-12-04 12:44 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-11-25 22:29 . 2010-11-25 22:29 -------- d-----w- C:\c2d52d78b3b1ddce3883f3
2010-11-13 16:25 . 2010-11-13 16:25 -------- d-----w- c:\program files\Encore
2010-11-12 16:17 . 2010-11-12 16:17 -------- d-----w- c:\program files\Driver-Soft
2010-11-12 16:04 . 2010-11-12 16:04 -------- d-----w- c:\program files\Opera
2010-11-12 14:29 . 2010-11-12 14:35 -------- d-----w- c:\program files\TuneUp Utilities 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 13:04 . 2010-12-04 13:04 4370394 ----a-w- c:\windows.0\REGBK00.ZIP
.

------- Sigcheck -------

[-] 2008-10-19 . C00C0E353C3A0B77C52FF4D58E4C9551 . 557056 . . [5.1.2600.5512] . . c:\windows.0\system32\winlogon.exe

[-] 2008-10-19 . 3AC5A6BB0491CADA4F424978ECCD9A29 . 678400 . . [5.82] . . c:\windows.0\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-10-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\user32.dll

[-] 2008-10-19 . 024EC02A67BF60BBAEA6700E79465EAE . 1589760 . . [6.00.2900.5512] . . c:\windows.0\explorer.exe

[-] 2008-11-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll

[-] 2008-10-19 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows.0\system32\ctfmon.exe

[-] 2008-11-30 . 073FC04264BBE3AC30539D7448FB0419 . 2229248 . . [5.1.2600.5657] . . c:\windows.0\system32\ntkrnlpa.exe

[-] 2008-10-19 . 2A3930BDD50BEA50CA5D6CE3D0EA4F94 . 2352384 . . [5.1.2600.5657] . . c:\windows.0\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-01-08 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-10-19 06:35 66560 ----a-w- c:\windows.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2007-07-04 20:59 45056 ----a-w- c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 12:56 64512 ----a-w- c:\windows.0\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"McrdSvc"=3 (0x3)
"ehRecvr"=2 (0x2)
"ehSched"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"idsvc"=3 (0x3)
"MSIServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CryptSvc"=2 (0x2)
"Browser"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VoipDiscount"="c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
"ctfmon.exe"=c:\windows.0\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16.12.2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16.12.2009 16:26 74480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.12.2009 16:27 7408]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 13:42 1051968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 7:48 10064]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-10-16 19:33 124928 ----a-w- c:\windows.0\system32\advpack.dll
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=kcs&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: SQLite Manager: SQLiteManager@mrinalkant.blogspot.com - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\SQLiteManager@mrinalkant.blogspot.com
FF - Extension: Context Highlight: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 09:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\system32\cscui.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows.0\system32\SETUPAPI.dll
.
Celkový čas: 2010-12-06 09:54:19
ComboFix-quarantined-files.txt 2010-12-06 08:54

Před spuštěním: 5 420 797 952
Po spuštění: 5 905 825 792

- - End Of File - - D9F684E1487D5CA60B74AC00B11C5C11

#4 Příspěvek od **motji** » 06 pro 2010 10:11

nádhera

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Restore::
C:\windows.0\explorer.exe 
c:\windows.0\system32\winlogon.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ViroBijec · #5 Příspěvek od **ViroBijec** » 06 pro 2010 10:43

Takže učinil jsem dle instrukcí: Přetáhl jsem skript na ikonu CF a texťák zmizl, CF se spustil. Zde je výsledek:

ComboFix 10-12-04.03 - ADMIN 06.12.2010 10:31:50.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.447.223 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN.PC-8D650F7FBB56\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN.PC-8D650F7FBB56\Plocha\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.0\explorer.exe . . . je infikován!!

c:\windows.0\system32\winlogon.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-06 06:56 . 2010-12-06 07:56 -------- d-----w- c:\program files\trend micro
2010-12-06 06:56 . 2010-12-06 06:56 -------- d-----w- C:\rsit
2010-12-04 12:44 . 2010-12-04 12:44 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-11-25 22:29 . 2010-11-25 22:29 -------- d-----w- C:\c2d52d78b3b1ddce3883f3
2010-11-13 16:25 . 2010-11-13 16:25 -------- d-----w- c:\program files\Encore
2010-11-12 16:17 . 2010-11-12 16:17 -------- d-----w- c:\program files\Driver-Soft
2010-11-12 16:04 . 2010-11-12 16:04 -------- d-----w- c:\program files\Opera
2010-11-12 14:29 . 2010-11-12 14:35 -------- d-----w- c:\program files\TuneUp Utilities 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 13:04 . 2010-12-04 13:04 4370394 ----a-w- c:\windows.0\REGBK00.ZIP
.

------- Sigcheck -------

[-] 2008-10-19 . C00C0E353C3A0B77C52FF4D58E4C9551 . 557056 . . [5.1.2600.5512] . . c:\windows.0\system32\winlogon.exe

[-] 2008-10-19 . 3AC5A6BB0491CADA4F424978ECCD9A29 . 678400 . . [5.82] . . c:\windows.0\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-10-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows.0\system32\user32.dll

[-] 2008-10-19 . 024EC02A67BF60BBAEA6700E79465EAE . 1589760 . . [6.00.2900.5512] . . c:\windows.0\explorer.exe

[-] 2008-11-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll

[-] 2008-10-19 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows.0\system32\ctfmon.exe

[-] 2008-11-30 . 073FC04264BBE3AC30539D7448FB0419 . 2229248 . . [5.1.2600.5657] . . c:\windows.0\system32\ntkrnlpa.exe

[-] 2008-10-19 . 2A3930BDD50BEA50CA5D6CE3D0EA4F94 . 2352384 . . [5.1.2600.5657] . . c:\windows.0\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-12-06_08.51.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-06 09:29 . 2010-12-06 09:29 16384 c:\windows.0\Temp\Perflib_Perfdata_710.dat
- 2001-10-25 15:00 . 2010-11-12 19:12 79312 c:\windows.0\system32\perfc009.dat
+ 2001-10-25 15:00 . 2010-12-06 09:33 79312 c:\windows.0\system32\perfc009.dat
- 2001-10-25 15:00 . 2010-11-12 19:12 92148 c:\windows.0\system32\perfc005.dat
+ 2001-10-25 15:00 . 2010-12-06 09:33 92148 c:\windows.0\system32\perfc005.dat
- 2001-10-25 15:00 . 2010-11-12 19:12 474128 c:\windows.0\system32\perfh009.dat
+ 2001-10-25 15:00 . 2010-12-06 09:33 474128 c:\windows.0\system32\perfh009.dat
+ 2001-10-25 15:00 . 2010-12-06 09:33 473070 c:\windows.0\system32\perfh005.dat
- 2001-10-25 15:00 . 2010-11-12 19:12 473070 c:\windows.0\system32\perfh005.dat
+ 2010-11-12 13:02 . 2010-12-06 09:29 207538 c:\windows.0\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-01-08 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-10-19 06:35 66560 ----a-w- c:\windows.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2007-07-04 20:59 45056 ----a-w- c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 12:56 64512 ----a-w- c:\windows.0\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"McrdSvc"=3 (0x3)
"ehRecvr"=2 (0x2)
"ehSched"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"idsvc"=3 (0x3)
"MSIServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CryptSvc"=2 (0x2)
"Browser"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VoipDiscount"="c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
"ctfmon.exe"=c:\windows.0\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16.12.2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16.12.2009 16:26 74480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.12.2009 16:27 7408]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 13:42 1051968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 7:48 10064]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-10-16 19:33 124928 ----a-w- c:\windows.0\system32\advpack.dll
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=kcs&q=
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: SQLite Manager: SQLiteManager@mrinalkant.blogspot.com - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\SQLiteManager@mrinalkant.blogspot.com
FF - Extension: Context Highlight: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\ADMIN.PC-8D650F7FBB56\Data aplikací\Mozilla\Firefox\Profiles\mal82dzr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 10:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\system32\cscui.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows.0\system32\SETUPAPI.dll
.
Celkový čas: 2010-12-06 10:40:37
ComboFix-quarantined-files.txt 2010-12-06 09:40
ComboFix2.txt 2010-12-06 08:54

Před spuštěním: 5 985 263 616
Po spuštění: 5 982 191 616

- - End Of File - - A8BD35463F3DA293F6DD065B82497ED5

#6 Příspěvek od **motji** » 06 pro 2010 11:28

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- uložte ho na plochu a spustte.
- do okénka zkopírujte

Kód: Vybrat vše

:filefind
explorer.exe
winlogon.exe

- klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem

ViroBijec · #7 Příspěvek od **ViroBijec** » 06 pro 2010 11:35

SystemLook 04.09.10 by jpshortstuff
Log created at 11:31 on 06/12/2010 by ADMIN
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1550848 bytes [12:00 02/03/2006] [12:00 02/03/2006] 48D7D12BBCB99024FC792628AC1AA7B9
C:\WINDOWS.0\explorer.exe --a---- 1589760 bytes [06:35 19/10/2008] [06:35 19/10/2008] 024EC02A67BF60BBAEA6700E79465EAE

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 541696 bytes [12:00 02/03/2006] [12:00 02/03/2006] 96112B362A1F419384CE57E5D92C6267
C:\WINDOWS.0\system32\winlogon.exe --a---- 557056 bytes [06:38 19/10/2008] [06:38 19/10/2008] C00C0E353C3A0B77C52FF4D58E4C9551

-= EOF =-

#8 Příspěvek od **motji** » 06 pro 2010 11:47

Vy nemáte žádnou zálohu syst. souborů

Stahněte si z přílohy rar soubor, rozbalte ho a soubory umístěte přímo na disk C, aby cesta byla
c:\explorer.exe
c:\winlogon.exe

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

FCOPY::
c:\explorer.exe | c:\windows.0\explorer.exe
c:\explorer.exe | c:\windows.0\system32\dllcache\explorer.exe
c:\winlogon.exe | c:\windows.0\system32\winlogon.exe
c:\winlogon.exe | c:\windows.0\system32\dllcache\winlogon.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

Já tu zkusím odpoledne mezi 2-3. hodinou nakouknout, pak až večer

#9 Příspěvek od **motji** » 06 pro 2010 11:48

Pardon, ještě ta příloha

ViroBijec · #10 Příspěvek od **ViroBijec** » 06 pro 2010 11:52

Děkuji, za chvíli se na to vrhnu, taky mi příjde divné, že nemám žádnou zálohu :O

ViroBijec · #11 Příspěvek od **ViroBijec** » 06 pro 2010 13:45

CF při kontrole furt restartovává PC. Mám pokračovat v tom dalším?

#12 Příspěvek od **motji** » 06 pro 2010 15:31

Počkejte, ted Vás nechápu. Když spustíte combofix s tím skriptem, tak se Vám pak restartuje počítač a už se do něj nedostanete, nebo ano?
Měním vám winlogon, ten potřebujete k přihlášení do počítače.

ViroBijec · #13 Příspěvek od **ViroBijec** » 06 pro 2010 15:48

Jasan, rozumím. Myslím, že bude nějaký problém v tom systémovém souboru, nebo nevim.
Takto: spustím přes CF skript, CF najede, krom ostatního zahlásí, že byl detekován rootkit a potřebuje restartovat PC. PC se restartuje, CF spustí kontrolu a asi u bodu 4 (fáze z padesáti) se restartuje bez upozornění PC. Jak najede systém, CF už se nespustí a vše vypadá tak, jako bych jen spustil PC, najíždí běžné programy a tak, nikde ani stopa po kontrole.

#14 Příspěvek od **motji** » 06 pro 2010 15:50

Ok, asi pak použijeme na výměnu avenger, raději.
udělejte ještě tu kontrolu gmerem, koukneme se, zda tam není ještě něco jiného, kromě těch dvou napadenýchsystémových souborů.
Budu tu večer po 9.hodině

ViroBijec · #15 Příspěvek od **ViroBijec** » 06 pro 2010 17:40

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 17:39:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-00JHC0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN~1.PC-\LOCALS~1\Temp\afniqaoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF517B0B0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS.0\Explorer.EXE[1700] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 00D58369

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1700] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5D067774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

VIRY.CZ

Zavirované PC, přeměrovávání na zavirované stránky.

Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.

Re: Zavirované PC, přeměrovávání na zavirované stránky.