TSR.BOOT virus

Zpráva

#16 Příspěvek od **vyosek** » 17 bře 2012 21:33

Ano, mbr sektor disku neni pri formatu dotcen...ale staci odstranit partici a je to OK pac pak se zapisuje novy mbr...

ovsem s flash diskem to nema nic spolecneho, vy nacitate system z HDD nez z flash disku...

rey_619 · #17 Příspěvek od **rey_619** » 18 bře 2012 20:09

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lenka at 2012-03-18 20:07:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (66%) free of 10 GB
Total RAM: 759 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:08:29, on 18.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Documents and Settings\Lenka\My Documents\Downloads\RSIT.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\trend micro\Lenka.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lenka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3383 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-583907252-1177238915-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-583907252-1177238915-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2003-05-08 69632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-10-02 118784]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-01-31 258512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Lenka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL

======List of files/folders created in the last 1 month======

2012-03-18 20:08:17 ----D---- C:\Program Files\trend micro
2012-03-18 20:07:38 ----D---- C:\rsit
2012-03-18 20:05:14 ----D---- C:\WINDOWS\system32\1051
2012-03-18 20:05:14 ----A---- C:\WINDOWS\system32\WMErrSKY.dll
2012-03-18 20:04:39 ----A---- C:\WINDOWS\system32\h323log.txt
2012-03-18 20:00:43 ----D---- C:\Program Files\WinRAR
2012-03-18 20:00:22 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-03-18 20:00:09 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-03-18 19:59:53 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-03-18 19:59:20 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-03-18 19:58:37 ----A---- C:\WINDOWS\system32\usbui.dll
2012-03-18 19:58:32 ----A---- C:\WINDOWS\system32\drivers\intelide.sys
2012-03-18 19:57:34 ----A---- C:\WINDOWS\imsins.BAK
2012-03-18 19:57:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-18 19:57:31 ----SHD---- C:\WINDOWS\Installer
2012-03-18 19:57:31 ----D---- C:\Program Files\Common Files\ODBC
2012-03-18 19:57:31 ----A---- C:\WINDOWS\ODBCINST.INI
2012-03-18 19:57:27 ----RD---- C:\Program Files
2012-03-18 19:57:27 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-03-18 19:57:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-18 19:57:27 ----D---- C:\Program Files\Common Files
2012-03-18 19:57:19 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-03-18 19:57:19 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-03-18 19:57:19 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-03-18 19:57:18 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-03-18 19:57:16 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-03-18 19:57:15 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-03-18 19:57:15 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-03-18 19:57:15 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-03-18 19:57:15 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-03-18 19:57:15 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-03-18 19:57:14 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-03-18 19:57:10 ----A---- C:\WINDOWS\system32\irclass.dll
2012-03-18 19:57:09 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-03-18 19:57:09 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-03-18 19:57:09 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-03-18 19:57:09 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-03-18 19:57:07 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2012-03-18 19:57:07 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-03-18 19:57:07 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-03-18 19:57:07 ----A---- C:\WINDOWS\system32\batt.dll
2012-03-18 19:57:06 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-03-18 19:57:05 ----A---- C:\WINDOWS\system32\storprop.dll
2012-03-18 19:56:57 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-03-18 19:56:54 ----RA---- C:\WINDOWS\SET8.tmp
2012-03-18 19:56:52 ----RA---- C:\WINDOWS\SET4.tmp
2012-03-18 19:56:50 ----RA---- C:\WINDOWS\SET3.tmp
2012-03-18 19:56:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-18 19:56:45 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-18 19:56:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-03-18 19:56:21 ----A---- C:\WINDOWS\setuplog.txt
2012-03-18 19:56:16 ----D---- C:\Documents and Settings
2012-03-18 19:56:15 ----SHD---- C:\System Volume Information
2012-03-18 19:56:15 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-03-18 19:54:29 ----SH---- C:\boot.ini
2012-03-18 19:50:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-18 19:50:41 ----RSD---- C:\WINDOWS\Fonts
2012-03-18 19:50:41 ----RD---- C:\WINDOWS\Web
2012-03-18 19:50:41 ----HD---- C:\WINDOWS\inf
2012-03-18 19:50:41 ----D---- C:\WINDOWS\WinSxS
2012-03-18 19:50:41 ----D---- C:\WINDOWS\twain_32
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Temp
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\wins
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\wbem
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\usmt
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\spool
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\ShellExt
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\Setup
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\scripting
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\ras
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\oobe
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\npp
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\mui
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\inetsrv
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\IME
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\icsxml
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\ias
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\export
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\en
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\drivers
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\dhcp
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\config
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\3com_dmi
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\3076
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\2052
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1054
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1042
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1041
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1037
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1033
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1031
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1028
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32\1025
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system32
2012-03-18 19:50:41 ----D---- C:\WINDOWS\system
2012-03-18 19:50:41 ----D---- C:\WINDOWS\security
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Resources
2012-03-18 19:50:41 ----D---- C:\WINDOWS\repair
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Provisioning
2012-03-18 19:50:41 ----D---- C:\WINDOWS\pchealth
2012-03-18 19:50:41 ----D---- C:\WINDOWS\PeerNet
2012-03-18 19:50:41 ----D---- C:\WINDOWS\NLDRV
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Network Diagnostic
2012-03-18 19:50:41 ----D---- C:\WINDOWS\mui
2012-03-18 19:50:41 ----D---- C:\WINDOWS\msapps
2012-03-18 19:50:41 ----D---- C:\WINDOWS\msagent
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Media
2012-03-18 19:50:41 ----D---- C:\WINDOWS\L2Schemas
2012-03-18 19:50:41 ----D---- C:\WINDOWS\java
2012-03-18 19:50:41 ----D---- C:\WINDOWS\ime
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Help
2012-03-18 19:50:41 ----D---- C:\WINDOWS\ehome
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Driver Cache
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Debug
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Cursors
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Connection Wizard
2012-03-18 19:50:41 ----D---- C:\WINDOWS\Config
2012-03-18 19:50:41 ----D---- C:\WINDOWS\AppPatch
2012-03-18 19:50:41 ----D---- C:\WINDOWS\addins
2012-03-18 19:50:41 ----D---- C:\WINDOWS
2012-03-18 19:50:41 ----ASH---- C:\pagefile.sys
2012-03-18 19:49:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2012-03-18 19:48:44 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2012-03-18 19:42:00 ----A---- C:\WINDOWS\system32\wups2.dll
2012-03-18 19:41:58 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-03-18 19:41:57 ----D---- C:\Documents and Settings\Lenka\Application Data\Avira
2012-03-18 19:40:05 ----D---- C:\Program Files\CCleaner
2012-03-18 19:36:09 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2012-03-18 19:36:06 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-03-18 19:36:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-03-18 19:36:06 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-03-18 19:36:05 ----D---- C:\Program Files\Avira
2012-03-18 19:36:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2012-03-18 19:35:26 ----D---- C:\Documents and Settings\Lenka\Application Data\Macromedia
2012-03-18 19:35:26 ----D---- C:\Documents and Settings\Lenka\Application Data\Adobe
2012-03-18 19:34:48 ----A---- C:\WINDOWS\system32\wpa.bak
2012-03-18 19:27:21 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-03-18 19:27:20 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-03-18 19:27:18 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-03-18 19:27:16 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-03-18 19:27:15 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-03-18 19:27:13 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-03-18 19:27:10 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-03-18 19:26:38 ----A---- C:\WINDOWS\system32\igfxres.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxtray.exe
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxress.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxpph.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxhk.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxext.exe
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxexps.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxeud.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxdo.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxdiag.exe
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxdgps.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxdev.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmrem.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmgicd.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmgdev.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\iAlmCoIn_v3691.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\hkcmd.exe
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\hccutils.dll
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\drivers\wa301b.sys
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\drivers\wa301a.sys
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\drivers\vch.sys
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\drivers\ialmsbw.sys
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\drivers\ialmnt5.sys
2012-03-18 19:25:27 ----A---- C:\WINDOWS\system32\drivers\ialmkchw.sys
2012-03-18 19:25:26 ----D---- C:\WINDOWS\Drivers
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a314.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a313.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a311.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a310.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a309.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a308.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a307.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a306.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a305.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a304.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a303.sys
2012-03-18 19:25:26 ----A---- C:\WINDOWS\system32\drivers\a302.sys
2012-03-18 19:24:20 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-03-18 19:20:38 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-03-18 19:20:38 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-03-18 19:20:37 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-03-18 19:20:36 ----A---- C:\WINDOWS\system32\drivers\smsens.sys
2012-03-18 19:20:36 ----A---- C:\WINDOWS\system32\drivers\aeaudio.sys
2012-03-18 19:20:35 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-18 19:20:35 ----D---- C:\Program Files\Analog Devices
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\SynthCore11Resources.dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\Syncor11.dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\SMMedia.dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\S11thk32.dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\DSndUp.exe
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\drivers\smwdm.sys
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\CleanUp.exe
2012-03-18 19:20:35 ----A---- C:\WINDOWS\system32\a3d.dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\SynthCoreA.Dll
2012-03-18 19:20:35 ----A---- C:\WINDOWS\SynCor.exe
2012-03-18 19:20:34 ----A---- C:\WINDOWS\system32\msssc.dll
2012-03-18 19:20:29 ----D---- C:\Program Files\Common Files\InstallShield
2012-03-18 19:19:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-03-18 19:19:23 ----A---- C:\WINDOWS\system32\drivers\b57xp32.sys
2012-03-18 19:19:22 ----D---- C:\Program Files\Broadcom
2012-03-18 19:18:53 ----D---- C:\SWSetup
2012-03-18 19:16:23 ----D---- C:\Documents and Settings\Lenka\Application Data\Identities
2012-03-18 19:16:21 ----HD---- C:\Program Files\Uninstall Information
2012-03-18 19:16:15 ----SD---- C:\Documents and Settings\Lenka\Application Data\Microsoft
2012-03-18 19:16:15 ----ASH---- C:\Documents and Settings\Lenka\Application Data\desktop.ini
2012-03-18 19:15:12 ----D---- C:\WINDOWS\SoftwareDistribution
2012-03-18 19:15:11 ----D---- C:\WINDOWS\Prefetch
2012-03-18 19:15:10 ----SD---- C:\WINDOWS\system32\Microsoft
2012-03-18 19:15:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-18 19:13:02 ----AS---- C:\WINDOWS\bootstat.dat
2012-03-18 19:10:35 ----D---- C:\WINDOWS\system32\xircom
2012-03-18 19:10:35 ----D---- C:\Program Files\xerox
2012-03-18 19:10:35 ----D---- C:\Program Files\microsoft frontpage
2012-03-18 19:10:14 ----RASH---- C:\MSDOS.SYS
2012-03-18 19:10:14 ----RASH---- C:\IO.SYS
2012-03-18 19:10:14 ----A---- C:\WINDOWS\control.ini
2012-03-18 19:10:14 ----A---- C:\CONFIG.SYS
2012-03-18 19:10:14 ----A---- C:\AUTOEXEC.BAT
2012-03-18 19:09:59 ----A---- C:\WINDOWS\OEWABLog.txt
2012-03-18 19:09:54 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-03-18 19:09:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-03-18 19:09:01 ----RD---- C:\WINDOWS\Offline Web Pages
2012-03-18 19:08:50 ----HD---- C:\Program Files\WindowsUpdate
2012-03-18 19:08:32 ----D---- C:\WINDOWS\system32\DirectX
2012-03-18 19:08:28 ----A---- C:\WINDOWS\system32\atrace.dll
2012-03-18 19:08:25 ----A---- C:\WINDOWS\system32\desktop.ini
2012-03-18 19:08:25 ----A---- C:\WINDOWS\desktop.ini
2012-03-18 19:08:20 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-03-18 19:08:19 ----A---- C:\WINDOWS\system32\acctres.dll
2012-03-18 19:08:18 ----D---- C:\Program Files\Common Files\Services
2012-03-18 19:08:16 ----SD---- C:\WINDOWS\Tasks
2012-03-18 19:08:16 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-03-18 19:08:15 ----D---- C:\Program Files\Common Files\MSSoap
2012-03-18 19:08:12 ----D---- C:\WINDOWS\srchasst
2012-03-18 19:08:11 ----D---- C:\WINDOWS\system32\Macromed
2012-03-18 19:08:09 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-03-18 19:08:09 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-03-18 19:08:09 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-03-18 19:08:09 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-03-18 19:08:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\wups.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-03-18 19:08:08 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-03-18 19:08:05 ----D---- C:\Program Files\Movie Maker
2012-03-18 19:07:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-03-18 19:07:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-03-18 19:07:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-03-18 19:07:51 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-03-18 19:07:48 ----A---- C:\WINDOWS\system32\fltMc.exe
2012-03-18 19:07:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-03-18 19:07:47 ----D---- C:\WINDOWS\system32\Restore
2012-03-18 19:07:47 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-03-18 19:07:47 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-03-18 19:07:47 ----A---- C:\WINDOWS\system32\srclient.dll
2012-03-18 19:07:47 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-03-18 19:07:47 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-03-18 19:07:46 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-03-18 19:07:46 ----A---- C:\WINDOWS\system32\msconf.dll
2012-03-18 19:07:46 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-03-18 19:07:46 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-03-18 19:07:46 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-03-18 19:07:46 ----A---- C:\WINDOWS\system32\ils.dll
2012-03-18 19:07:44 ----D---- C:\Program Files\NetMeeting
2012-03-18 19:07:44 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-03-18 19:07:44 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-03-18 19:07:43 ----A---- C:\WINDOWS\system32\inetres.dll
2012-03-18 19:07:42 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-03-18 19:07:41 ----D---- C:\Program Files\Outlook Express
2012-03-18 19:07:41 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-03-18 19:07:41 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-03-18 19:07:41 ----A---- C:\WINDOWS\system32\mstask.dll
2012-03-18 19:07:40 ----A---- C:\WINDOWS\system32\isign32.dll
2012-03-18 19:07:40 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-03-18 19:07:40 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-03-18 19:07:40 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-03-18 19:07:35 ----D---- C:\Program Files\Common Files\System
2012-03-18 19:07:32 ----D---- C:\Program Files\Internet Explorer
2012-03-18 19:07:04 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-03-18 19:06:55 ----D---- C:\Program Files\ComPlus Applications
2012-03-18 19:06:53 ----A---- C:\WINDOWS\vbaddin.ini
2012-03-18 19:06:53 ----A---- C:\WINDOWS\vb.ini
2012-03-18 19:06:48 ----D---- C:\WINDOWS\Registration
2012-03-18 19:06:41 ----D---- C:\Program Files\Online Services
2012-03-18 19:06:40 ----D---- C:\Program Files\Windows Media Player
2012-03-18 19:06:33 ----D---- C:\Program Files\Messenger
2012-03-18 19:06:29 ----D---- C:\Program Files\MSN Gaming Zone
2012-03-18 19:06:29 ----A---- C:\WINDOWS\system32\write.exe
2012-03-18 19:06:22 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-03-18 19:06:22 ----A---- C:\WINDOWS\system32\hticons.dll
2012-03-18 19:06:22 ----A---- C:\WINDOWS\system32\avwav.dll
2012-03-18 19:06:22 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-03-18 19:06:21 ----A---- C:\WINDOWS\system32\winchat.exe
2012-03-18 19:06:21 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-03-18 19:06:16 ----A---- C:\WINDOWS\system32\charmap.exe
2012-03-18 19:06:16 ----A---- C:\WINDOWS\system32\getuname.dll
2012-03-18 19:06:16 ----A---- C:\WINDOWS\system32\calc.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\winmine.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\tskill.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\sol.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\reset.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-03-18 19:06:15 ----A---- C:\WINDOWS\system32\freecell.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\tscon.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\shadow.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\regini.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\msg.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\logoff.exe
2012-03-18 19:06:14 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-03-18 19:06:09 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-03-18 19:05:59 ----D---- C:\Program Files\MSN
2012-03-18 19:05:58 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-03-18 19:05:58 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-03-18 19:05:58 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-03-18 19:05:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-03-18 19:05:57 ----D---- C:\Program Files\Windows NT
2012-03-18 19:05:57 ----A---- C:\WINDOWS\system32\spider.exe
2012-03-18 19:05:57 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-03-18 19:05:57 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-03-18 19:05:56 ----D---- C:\WINDOWS\system32\en-US
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\tsgqec.dll
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-03-18 19:05:56 ----A---- C:\WINDOWS\system32\aaclient.dll
2012-03-18 19:05:55 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-03-18 19:05:55 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-03-18 19:05:55 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-03-18 19:05:55 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-03-18 19:05:55 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-03-18 19:05:54 ----D---- C:\WINDOWS\system32\MsDtc
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-03-18 19:05:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-03-18 19:05:53 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-03-18 19:05:53 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-03-18 19:05:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-03-18 19:05:53 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-03-18 19:05:53 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-03-18 19:05:52 ----D---- C:\WINDOWS\system32\Com
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-03-18 19:05:52 ----A---- C:\WINDOWS\system32\colbact.dll
2012-03-18 19:05:51 ----A---- C:\WINDOWS\system32\stclient.dll
2012-03-18 19:05:51 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-03-18 19:05:51 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-03-18 19:05:51 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-03-18 19:05:51 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-03-18 19:05:50 ----A---- C:\WINDOWS\system32\comuid.dll
2012-03-18 19:05:50 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-03-18 19:05:50 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-03-18 19:05:50 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-03-18 19:05:44 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-03-18 19:05:44 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-03-18 19:05:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-03-18 19:05:43 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-03-18 19:05:41 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-03-18 19:05:41 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 month======

2012-03-18 20:02:48 ----A---- C:\WINDOWS\system.ini
2012-03-18 19:10:14 ----A---- C:\WINDOWS\win.ini
2012-03-18 19:09:42 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-01-31 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-01-31 74640]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-11-29 163328]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-01-31 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

-----------------EOF-----------------

#18 Příspěvek od **vyosek** » 19 bře 2012 10:03

Log jiz vypada cisty

rey_619 · #19 Příspěvek od **rey_619** » 19 bře 2012 20:34

lenze RSIT som spustal bez pripojeneho flash disku. mam ho zapojit a dat sem novy log, alebo rsit skenuje iba systemovy disk

#20 Příspěvek od **vyosek** » 20 bře 2012 00:47

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

rey_619 · #21 Příspěvek od **rey_619** » 20 bře 2012 15:23

############################## | UsbFix 7.059 | [Deletion]

User: Lenka (Administrator) # LENKA-89367725A [ ]
Updated 16/09/2011 by El Desaparecido
Started at 14:59:08 | 20/03/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Windows Firewall: Enabled
Antivirus: Avira Desktop 12.1.0.18 [(!) Disabled | Updated]
RAM -> 759 Mb
C:\ (%systemdrive%) -> Fixed drive # 10 Gb (3 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 27 Gb (10 Mb free - 36%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 965 Mb (958 Mb free - 99%) [OPENSAT] # NTFS
G:\ -> Removable drive # 15 Gb (13 Mb free - 87%) [INTENSO] # FAT32
H:\ -> Fixed drive # 466 Gb (211 Mb free - 45%) [] # NTFS

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-436374069-583907252-1177238915-1003
Deleted ! D:\Recycler\S-1-5-21-436374069-583907252-1177238915-1003
Deleted ! D:\Recycler\S-1-5-21-583907252-1993962763-839522115-1003
Deleted ! H:\Recycler\S-1-5-21-1417001333-2147085195-1177238915-1003
Deleted ! H:\Recycler\S-1-5-21-436374069-583907252-1177238915-1003
Deleted ! H:\Recycler\S-1-5-21-583907252-1085031214-1606980848-1003
Deleted ! H:\Recycler\S-1-5-21-583907252-1993962763-839522115-1003
Deleted ! H:\Recycler\S-1-5-21-823518204-1336601894-725345543-1004

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher

################## | Mountpoints2 |

################## | Listing |

[18/03/2012 - 19:10:14 | N | 0] C:\AUTOEXEC.BAT
[18/03/2012 - 19:04:56 | N | 211] C:\boot.ini
[18/03/2012 - 19:10:14 | N | 0] C:\CONFIG.SYS
[18/03/2012 - 19:16:15 | D ] C:\Documents and Settings
[18/03/2012 - 19:10:14 | N | 0] C:\IO.SYS
[18/03/2012 - 19:10:14 | N | 0] C:\MSDOS.SYS
[13/04/2008 - 21:13:04 | N | 47564] C:\NTDETECT.COM
[13/04/2008 - 23:01:44 | N | 250048] C:\ntldr
[20/03/2012 - 14:46:09 | ASH | 1195376640] C:\pagefile.sys
[19/03/2012 - 20:11:35 | D ] C:\Program Files
[20/03/2012 - 15:00:38 | SHD ] C:\RECYCLER
[18/03/2012 - 20:08:31 | D ] C:\rsit
[18/03/2012 - 19:24:17 | D ] C:\SWSetup
[18/03/2012 - 19:15:14 | SHD ] C:\System Volume Information
[19/03/2012 - 00:44:56 | D ] C:\totalcmd
[20/03/2012 - 15:00:38 | D ] C:\UsbFix
[20/03/2012 - 15:03:29 | A | 1746] C:\UsbFix.txt
[20/03/2012 - 14:46:51 | D ] C:\WINDOWS
[28/03/2011 - 09:03:57 | D ] D:\11495
[14/02/2012 - 16:13:52 | D ] D:\11495n
[13/03/2012 - 23:51:34 | D ] D:\Ace_Translator_v6.5
[16/02/2012 - 19:57:30 | D ] D:\android
[13/03/2012 - 20:56:31 | N | 436652] D:\cc_20120313_205548 (zaloha registrov ccleaner).reg
[13/03/2012 - 20:57:43 | N | 2142] D:\cc_20120313_205739.reg
[13/03/2012 - 20:58:19 | N | 264] D:\cc_20120313_205816.reg
[19/03/2012 - 01:09:06 | D ] D:\Config.Msi
[13/03/2012 - 23:51:14 | D ] D:\diplomovka
[15/11/2011 - 16:02:51 | D ] D:\Downloads
[19/03/2012 - 20:31:00 | D ] D:\DP
[07/04/2011 - 16:22:20 | D ] D:\DP final
[12/02/2012 - 21:11:40 | N | 929203] D:\DSC_0022.jpg
[12/02/2012 - 22:14:00 | N | 102750] D:\DSC_0023.jpg
[12/02/2012 - 22:21:56 | N | 170206] D:\DSC_0025.jpg
[12/02/2012 - 22:22:42 | N | 207155] D:\DSC_0026.jpg
[13/02/2012 - 16:52:40 | N | 779956] D:\DSC_0027.jpg
[13/03/2012 - 16:27:49 | N | 77113623] D:\Encyclopedia of Dairy Sciences decrypt.pdf
[05/03/2012 - 23:19:41 | D ] D:\foto
[19/11/2009 - 10:49:08 | D ] D:\GP-robota
[07/11/2010 - 22:30:49 | D ] D:\Groma7
[18/03/2012 - 19:25:15 | D ] D:\HP drivers
[21/12/2011 - 01:23:59 | D ] D:\Hry
[08/11/2010 - 22:09:23 | D ] D:\HUDBA
[13/03/2012 - 09:14:12 | D ] D:\hudba moja z plochy
[15/10/2011 - 16:23:51 | D ] D:\Incomplete
[03/11/2011 - 19:45:24 | D ] D:\Lenka-plocha
[15/10/2011 - 16:23:39 | D ] D:\LimeWire
[13/03/2012 - 22:11:13 | D ] D:\mozilla
[10/11/2009 - 09:46:23 | D ] D:\mp3 usb
[21/01/2009 - 16:10:51 | D ] D:\msdownld.tmp
[06/10/2007 - 15:30:15 | RHD ] D:\MSOCache
[11/12/2008 - 19:13:22 | D ] D:\My Pictures
[13/03/2011 - 12:56:33 | D ] D:\Orovnica-slavnosti
[25/08/2011 - 20:52:56 | N | 27188] D:\prax.docx
[19/03/2012 - 01:33:35 | D ] D:\Program Files
[07/11/2010 - 22:29:28 | D ] D:\programy
[20/03/2012 - 15:00:38 | SHD ] D:\RECYCLER
[18/03/2012 - 19:16:27 | SHD ] D:\System Volume Information
[12/03/2012 - 21:26:11 | D ] D:\TRANSLAT
[26/01/2012 - 02:14:58 | D ] D:\VIDEO
[02/11/2011 - 12:22:35 | D ] D:\z mp3
[09/11/2010 - 21:57:28 | D ] D:\z prehravaca
[09/11/2010 - 17:20:50 | D ] D:\Škola
[18/03/2012 - 20:48:22 | D ] G:\programy
[19/03/2012 - 22:05:02 | D ] G:\DP
[19/03/2012 - 22:05:22 | D ] G:\Pochutiny a nápoje
[30/12/2011 - 14:09:08 | D ] H:\dva a pol chlapa
[13/03/2012 - 19:10:35 | N | 58242560] H:\ess_nt32_sky.msi
[14/02/2012 - 15:50:52 | D ] H:\G600
[12/02/2012 - 18:34:45 | D ] H:\Hry
[03/03/2012 - 18:49:14 | D ] H:\Hudba
[14/02/2012 - 15:46:03 | D ] H:\i8910
[18/02/2012 - 21:59:13 | D ] H:\Intenso
[30/12/2011 - 16:28:04 | D ] H:\msdownld.tmp
[25/02/2012 - 15:00:29 | D ] H:\neda sa odstranit
[03/03/2012 - 15:43:35 | D ] H:\Nový priečinok
[18/03/2012 - 21:12:58 | D ] H:\PC Translator 2010 SK-EN
[20/02/2012 - 19:22:11 | D ] H:\psp
[20/03/2012 - 15:00:38 | SHD ] H:\RECYCLER
[18/03/2012 - 21:11:36 | SHD ] H:\System Volume Information
[18/03/2012 - 21:12:42 | D ] H:\TuneUp Utilities 2011
[18/03/2012 - 21:13:37 | D ] H:\VIDEO

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_LENKA-89367725A.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.

################## | E.O.F |

#22 Příspěvek od **vyosek** » 20 bře 2012 17:50

Znovu spusťte Usbfix a zvolte možnost Uninstall.

A melo by to byt OK

rey_619 · #23 Příspěvek od **rey_619** » 20 bře 2012 20:16

schvalne som nainstaloval Eset a pri pripojenom flash disku stale hlasi ten virus, bez usb nehlasi. formatovanie nepomoze, takze mam ten flash disk zahodit alebo je este nejaka sanca odstranit ten virus?

#24 Příspěvek od **vyosek** » 20 bře 2012 20:47

Dejte mi prosim screen toho hlaseni

rey_619 · #25 Příspěvek od **rey_619** » 20 bře 2012 21:00

Uploaded with ImageShack.us

#26 Příspěvek od **vyosek** » 20 bře 2012 21:14

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

rey_619 · #27 Příspěvek od **rey_619** » 20 bře 2012 21:30

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-20 21:24:17
-----------------------------
21:24:17.890 OS Version: Windows 5.1.2600 Service Pack 3
21:24:17.890 Number of processors: 1 586 0x209
21:24:17.890 ComputerName: LENKA-89367725A UserName: Lenka
21:24:18.468 Initialize success
21:25:07.093 AVAST engine defs: 12032000
21:25:18.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:25:18.031 Disk 0 Vendor: ST340014A 3.06 Size: 38166MB BusType: 3
21:25:18.031 Disk 0 MBR read successfully
21:25:18.031 Disk 0 MBR scan
21:25:18.093 Disk 0 Windows XP default MBR code
21:25:18.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 10003 MB offset 63
21:25:18.109 Disk 0 Partition - 00 0F Extended LBA 28158 MB offset 20487600
21:25:18.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 28158 MB offset 20487663
21:25:18.125 Disk 0 scanning sectors +78155280
21:25:18.218 Disk 0 scanning C:\WINDOWS\system32\drivers
21:25:29.468 Service scanning
21:25:50.109 Modules scanning
21:25:59.531 Disk 0 trace - called modules:
21:25:59.937 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
21:25:59.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcbab8]
21:25:59.937 3 CLASSPNP.SYS[f7716fd7] -> nt!IofCallDriver -> \Device\00000054[0x82f90f18]
21:25:59.937 5 ACPI.sys[f768d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f8f940]
21:26:00.093 AVAST engine scan C:\WINDOWS
21:26:02.781 AVAST engine scan C:\WINDOWS\system32
21:28:29.640 AVAST engine scan C:\WINDOWS\system32\drivers
21:28:45.796 AVAST engine scan C:\Documents and Settings\Lenka
21:29:30.015 AVAST engine scan C:\Documents and Settings\All Users
21:29:43.734 Scan finished successfully
21:30:23.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lenka\Desktop\MBR.dat"
21:30:23.859 The log file has been saved successfully to "C:\Documents and Settings\Lenka\Desktop\aswMBR.txt"

#28 Příspěvek od **vyosek** » 20 bře 2012 21:35

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

C:\Documents and Settings\Lenka\Desktop\MBR.dat
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

rey_619 · #29 Příspěvek od **rey_619** » 20 bře 2012 22:02

https://www.virustotal.com/file/fa70e89 ... 332277155/

#30 Příspěvek od **vyosek** » 20 bře 2012 22:20

On ten kram bude jinde nez na systemovem

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Scan
Po chvilce se objevi na plose soubory Dump_Hdd0_DR0.mbr, Dump_Hdd1_DR1.mbr apod
vsechny ty dumpy zabalte do raru a uploadnete treba na LP http://leteckaposta.cz/

VIRY.CZ

TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus

Re: TSR.BOOT virus