Infiltrace Protector.N virus

Zpráva

Kobrik · #1 Příspěvek od **Kobrik** » 14 zář 2010 21:02

Dobrý den,
Antivirový program Eset nod antivirus 4.2 mi hlásí infiltraci Protector.N virus v souboru C:\Windows\system32\drivers\cdrom.sys. komentář k nálezu...... Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\Windows\system32\svchost.exe. Vir je uložen v karanténě, nicméně stále mi vyskakuje hlášení Nodu o infiltraci. PC je dosti zpomalené a při některých úkolech na chvíli zamrzá. Dále byly nalezeny další nakažené soubory Trojským koněm, které se jak doufám podařilo vyléčit, či odstranit. Zkoušel jsem aplikovat program Conbofix, ale po spuštění se sám vypne a smaže. Přejměnování na grinder.com nepomohlo a situace se opakuje. Můžete mi prosím pomoci s řešením problému? Předem mnohokrát děkuji. Přikládám Log programu RSIT.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bronislav Žáček at 2010-08-14 21:34:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 114 GB (78%) free of 147 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:20, on 14.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bronislav Žáček\Dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\trend micro\Bronislav Žáček.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.1.112.9/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.112.175.67:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.1.1.171;172.22.4.31:8080;10.1.112.3;synot-sd;10.1.29.187;10.1.112.9;maxpower.gamemonitoring.cz;80.251.247.117;citrix-web;10.1.29.*;10.1.1.170;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Digsby Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [viwynni] C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\buroutubi.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\bronislav Žáček\wuaucldt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 703q0hc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Online plug-in.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3831363431
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71C0ACB6-A81D-485C-A092-8C227CDC6015}: NameServer = 10.1.29.132,10.1.29.133
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: PowerUtility TV Recording Reservation (ekeiidyko6koty) - Unknown owner - C:\WINDOWS\system32\weda.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

--
End of file - 9856 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBF80ED-672D-4256-B380-FD88BB024233}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E7CA6F26-AD3A-4ECD-ACAD-7C779DAE33F7}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FB2531FB-FAEE-437E-A52B-003A43ED731D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
Digsby Donates - C:\Program Files\Digsby Donates\ShoppingBHO.dll [2010-07-11 638976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Digsby Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Digsby Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-07-28 3365176]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-08-20 323392]
"KiesTrayAgent"= []
"viwynni"=C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\buroutubi.exe []
"wuaucldt"=c:\documents and settings\bronislav Žáček\wuaucldt.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Online plug-in.lnk - C:\WINDOWS\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Bronislav Žáček\Nabídka Start\Programy\Po spuštění
703q0hc.exe
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
C:\WINDOWS\system32\ckpNotify.dll [2006-04-09 24674]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\SJphone 1.65\SJphone.exe"="C:\Program Files\SJphone 1.65\SJphone.exe:*:Enabled:SJphone 1.65"
"E:\Chatování\Miranda IM\miranda32.exe"="E:\Chatování\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"E:\Miranda IM\miranda32.exe"="E:\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\Tomáš Stojaník\Plocha\config.exe"="C:\Documents and Settings\Tomáš Stojaník\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Documents and Settings\Bronislav Žáček\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Bronislav Žáček\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\Internet Explorer\Quick Launch\config.exe"="C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\Internet Explorer\Quick Launch\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Documents and Settings\Martin Bilík\Plocha\config.exe"="C:\Documents and Settings\Martin Bilík\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"E:\Softík FL\Miranda IM\miranda32.exe"="E:\Softík FL\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\Miroslav Turčínek\Plocha\config.exe"="C:\Documents and Settings\Miroslav Turčínek\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Documents and Settings\Bronislav Žáček\Plocha\config.exe"="C:\Documents and Settings\Bronislav Žáček\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"G:\Miranda IM\miranda32.exe"="G:\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"E:\Chatování\Skype\Phone\Skype.exe"="E:\Chatování\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

======List of files/folders created in the last 2 months======

2010-09-13 16:30:45 ----D---- C:\Program Files\ESET
2010-09-13 16:30:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-09-13 11:02:10 ----SHD---- C:\$RECYCLE.BIN
2010-09-13 10:01:57 ----D---- C:\Program Files\CCleaner
2010-09-12 23:07:43 ----A---- C:\WINDOWS\system32\CF25374.exe
2010-09-12 22:22:18 ----A---- C:\WINDOWS\system32\CF16478.exe
2010-09-12 22:21:27 ----A---- C:\WINDOWS\system32\CF16312.exe
2010-09-12 21:59:37 ----A---- C:\WINDOWS\system32\CF12008.exe
2010-09-12 21:58:13 ----A---- C:\WINDOWS\system32\CF11747.exe
2010-09-12 21:57:31 ----A---- C:\WINDOWS\system32\CF11616.exe
2010-09-12 21:57:09 ----A---- C:\WINDOWS\system32\CF11485.exe
2010-09-12 20:55:20 ----D---- C:\WINDOWS\temp
2010-09-12 20:53:40 ----A---- C:\WINDOWS\system32\CF31867.exe
2010-09-12 20:52:00 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-12 20:45:55 ----A---- C:\WINDOWS\system32\CF30362.exe
2010-09-12 20:44:56 ----A---- C:\WINDOWS\system32\CF30169.exe
2010-09-12 20:44:16 ----A---- C:\WINDOWS\system32\CF30032.exe
2010-09-12 07:15:23 ----HDC---- C:\WINDOWS\ie8
2010-09-11 12:44:53 ----D---- C:\WINDOWS\ERDNT
2010-09-11 12:38:16 ----D---- C:\Qoobox
2010-09-05 02:57:14 ----D---- C:\Outlook záloha
2010-08-25 23:53:04 ----A---- C:\WINDOWS\system32\drivers\ssadmdfl.sys
2010-08-25 23:53:04 ----A---- C:\WINDOWS\system32\drivers\ssadcmnt.sys
2010-08-25 23:53:04 ----A---- C:\WINDOWS\system32\drivers\ssadcm.sys
2010-08-25 23:53:03 ----A---- C:\WINDOWS\system32\drivers\ssadmdm.sys
2010-08-25 23:53:01 ----A---- C:\WINDOWS\system32\drivers\ssadwhnt.sys
2010-08-25 23:53:01 ----A---- C:\WINDOWS\system32\drivers\ssadwh.sys
2010-08-25 23:53:01 ----A---- C:\WINDOWS\system32\drivers\ssadbus.sys
2010-08-25 23:51:43 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe
2010-08-25 23:51:43 ----A---- C:\WINDOWS\system32\FsUsbExDisk.Sys
2010-08-25 23:51:43 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll
2010-08-25 23:48:50 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Samsung
2010-08-25 23:48:27 ----D---- C:\Program Files\MarkAny
2010-08-25 23:48:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2010-08-25 23:47:26 ----D---- C:\Program Files\Microsoft.NET
2010-08-25 23:44:27 ----N---- C:\WINDOWS\system32\SET353A.tmp
2010-08-25 23:44:26 ----N---- C:\WINDOWS\system32\SET3539.tmp
2010-08-25 23:44:26 ----N---- C:\WINDOWS\system32\SET3538.tmp
2010-08-25 23:44:26 ----D---- C:\3001944a79da2dc167
2010-08-25 23:42:24 ----SHD---- C:\Config.Msi
2010-08-25 23:40:29 ----D---- C:\9abd0e93463ab4957f491a
2010-08-25 23:09:59 ----D---- C:\Program Files\Samsung
2010-08-25 23:09:55 ----D---- C:\Program Files\Common Files\Samsung
2010-08-20 20:29:41 ----D---- C:\Program Files\DNA
2010-08-20 20:29:41 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\DNA
2010-08-14 21:34:06 ----D---- C:\Program Files\trend micro
2010-08-14 21:34:05 ----D---- C:\rsit
2010-08-13 06:13:43 ----D---- C:\Program Files\Common Files\Java
2010-08-13 06:13:21 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-13 06:13:21 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-13 06:13:21 ----A---- C:\WINDOWS\system32\java.exe
2010-08-08 15:52:09 ----D---- C:\spoolerlogs
2010-08-04 22:04:34 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-08-04 22:04:33 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-08-04 22:04:32 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-08-04 11:50:36 ----A---- C:\WINDOWS\system32\drivers\eamon.sys
2010-08-03 13:28:36 ----A---- C:\WINDOWS\system32\drivers\epfwtdir.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\ehdrv.sys
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\muzwmts.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\muzapp.exe
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\muzapp.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\muzaf1.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MTXSYNCICON.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MTTELECHIP.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MSLUR71.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MSFLib.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MSCLib.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MK_Lyric.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MaXMLProto.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MASetupCleaner.exe
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MASetupCaller.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MAMACExtract.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MaJGUILib.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MaDRM.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\MACXMLProto.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\issacapi_se-2.3.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\issacapi_pe-2.3.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\issacapi_bs-2.3.dll
2010-07-26 15:18:38 ----A---- C:\WINDOWS\system32\cis-2.4.dll
2010-07-26 15:17:06 ----A---- C:\WINDOWS\system32\drivers\dgderdrv.sys
2010-07-26 15:17:06 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2010-07-26 15:17:06 ----A---- C:\WINDOWS\system32\dgdersvc.exe
2010-07-26 15:17:06 ----A---- C:\WINDOWS\system32\dgderapi.dll
2010-07-17 18:03:36 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\TrueCrypt
2010-07-17 18:00:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrueCrypt
2010-07-17 18:00:50 ----A---- C:\WINDOWS\system32\drivers\truecrypt.sys
2010-07-17 18:00:44 ----D---- C:\Program Files\TrueCrypt
2010-07-11 10:53:04 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Digsby
2010-07-11 10:53:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Digsby
2010-07-11 10:52:28 ----D---- C:\Program Files\Ask.com
2010-07-11 10:51:19 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\FCSB000062215
2010-07-11 10:51:01 ----D---- C:\Program Files\Digsby Donates
2010-07-02 16:22:26 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\gtk-2.0
2010-07-02 15:38:54 ----D---- C:\Program Files\GIMP-2.0
2010-07-01 06:09:21 ----D---- C:\Program Files\Common Files\Adobe
2010-07-01 06:09:21 ----D---- C:\Program Files\Adobe
2010-06-30 16:24:40 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Real
2010-06-24 16:17:50 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 2 months======

2010-09-14 18:32:19 ----A---- C:\WINDOWS\wincmd.ini
2010-09-14 18:15:52 ----SD---- C:\WINDOWS\Tasks
2010-09-14 06:51:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-13 16:31:20 ----SHD---- C:\WINDOWS\Installer
2010-09-13 16:31:13 ----HD---- C:\WINDOWS\inf
2010-09-13 16:31:13 ----D---- C:\WINDOWS\system32\drivers
2010-09-13 16:25:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-13 16:18:49 ----SHD---- C:\WINDOWS\CSC
2010-09-13 16:10:38 ----D---- C:\WINDOWS\system32
2010-09-13 09:33:35 ----SD---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft
2010-09-12 22:35:14 ----D---- C:\WINDOWS\Help
2010-09-12 07:42:56 ----D---- C:\NVIDIA
2010-09-12 07:31:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-12 07:19:37 ----D---- C:\WINDOWS\system32\cs-cz
2010-09-12 07:19:37 ----D---- C:\Program Files\Internet Explorer
2010-09-12 07:18:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-12 07:18:15 ----A---- C:\WINDOWS\imsins.BAK
2010-09-12 07:17:38 ----D---- C:\WINDOWS\ie8updates
2010-09-12 07:16:45 ----D---- C:\WINDOWS\WBEM
2010-09-12 07:16:37 ----D---- C:\WINDOWS\Media
2010-09-12 07:15:07 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-10 19:33:44 ----SHD---- C:\RECYCLER
2010-08-30 01:53:05 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\vlc
2010-08-26 02:07:43 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-26 02:07:27 ----RSD---- C:\WINDOWS\assembly
2010-08-25 23:53:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 23:53:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-25 23:50:06 ----D---- C:\Program Files\PC Connectivity Solution
2010-08-25 23:47:45 ----D---- C:\WINDOWS\WinSxS
2010-08-25 23:47:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-25 23:45:30 ----D---- C:\WINDOWS\system32\XPSViewer
2010-08-25 23:45:28 ----D---- C:\WINDOWS\system32\en-us
2010-08-25 23:45:23 ----RSD---- C:\WINDOWS\Fonts
2010-08-25 23:43:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-25 23:09:55 ----D---- C:\Program Files\Common Files
2010-08-14 21:34:16 ----D---- C:\WINDOWS\Prefetch
2010-08-14 21:34:06 ----RD---- C:\Program Files
2010-08-14 21:32:51 ----D---- C:\WINDOWS
2010-08-14 19:25:15 ----D---- C:\Program Files\Mozilla Firefox
2010-08-14 19:05:30 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\OpenOffice.org2
2010-08-14 19:02:36 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-14 19:02:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-13 06:13:18 ----D---- C:\Program Files\Java
2010-08-06 06:04:19 ----D---- C:\Program Files\SJphone 1.65
2010-07-30 18:01:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 18:04:41 ----D---- C:\Documents and Settings
2010-07-22 18:03:34 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-18 21:03:31 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\DAEMON Tools Lite
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-05 01:36:41 ----D---- C:\WINDOWS\system
2010-07-01 06:09:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-06-24 17:57:24 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-06-24 16:17:59 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-06-24 14:27:28 ----A---- C:\WINDOWS\system32\wininet.dll
2010-06-24 14:27:28 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-06-24 14:27:27 ----N---- C:\WINDOWS\system32\occache.dll
2010-06-24 14:27:27 ----N---- C:\WINDOWS\system32\mstime.dll
2010-06-24 14:27:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-06-24 14:27:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-06-24 14:27:24 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-06-24 14:27:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-06-24 14:27:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-06-24 14:27:23 ----N---- C:\WINDOWS\system32\iepeers.dll
2010-06-24 14:27:22 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-06-23 14:08:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-07-17 223440]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-03-25 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-03-25 41680]
R2 CP_OMDRV;Check Point Office Mode Module; C:\WINDOWS\System32\drivers\omdrv.sys [2006-04-09 36400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient; C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 109072]
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R2 VPN-1;VPN-1 Module; C:\WINDOWS\System32\drivers\vpn.sys [2006-04-09 671472]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-11-12 37376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-07-26 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 FW1;SecuRemote Miniport; C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 2234320]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-29 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-03-25 110608]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\TOMSTO~1\LOCALS~1\Temp\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2010-06-21 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2010-06-21 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2010-06-21 121576]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxUSB;VirtualBox USB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [2010-03-25 31824]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-12 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-07-26 95568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-07-26 217088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SR_Service;Check Point SecuRemote Service; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2006-04-09 110691]
R2 SR_WatchDog;Check Point SecuRemote WatchDog; C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe [2006-04-09 36964]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S2 ekeiidyko6koty;PowerUtility TV Recording Reservation; C:\WINDOWS\system32\weda.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 14 zář 2010 21:05

Dobrý večer

Píšete že combofix se sám vypne a smaže? nehlásí něco o napadení pravděpodobně virutem?

#3 Příspěvek od **motji** » 14 zář 2010 21:14

Prošla jsem log, virut by to mohl být

, tak to raději prověříme. nechci Vás strašit, ale pokud je to virut, tak je to tak na formát

Pokud se dostanete do nouzového režimu (po restartu mačkejte f8), pracujte v něm.

Dejte soubor otestovat na http://www.virustotal.com
C:\Documents and Settings\Bronislav Žáček\Nabídka Start\Programy\Po spuštění\703q0hc.exe
c:\windows\system32\lsass.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
c:\windows\system32\services.exe

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
Spusťte Otl,
-všechno odoznačte - nebo dejte na none.
- nastavte file created a file modified... na File age.
- do bílého pole zkopirujte tento skript:

Kód: Vybrat vše

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
ndis.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
cdrom.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
c:\windows\*.* /JN
c:\windows\*.* /HL
c:\windows\*.* /RP

-klikněte na run scan
-objeví se log, zkopírujte ho zde

Kobrik · #4 Příspěvek od **Kobrik** » 14 zář 2010 21:18

Nene, nevypíše vůbec nic, pouze to celé z nenadání spadne a Combofix se smaže. Pokud tedy nemyslíte, že to má zahlásit NOD, tak ten to taky nehlásí. Vyzkouším viz. výše. Formátu se bojím také

#5 Příspěvek od **motji** » 14 zář 2010 21:19

Tak combofix něco blokuje. ale on se většinou maže, když ho ohrožuje nějaký fileinfector

. Proveďte výše uvedené, minimálně do 11 hodin tu teď budu

Kobrik · #6 Příspěvek od **Kobrik** » 14 zář 2010 22:13

C:\Documents and Settings\Bronislav Žáček\Nabídka Start\Programy\Po spuštění\703q0hc.exe

Antivirus
Version
Last Update
Result
AhnLab-V3
2010.09.15.00
2010.09.14
Win-Trojan/Refroso.38400.AC
AntiVir
8.2.4.52
2010.09.14
TR/Refroso.bxag
Antiy-AVL
2.0.3.7
2010.09.14
-
Authentium
5.2.0.5
2010.09.14
W32/Troj_Obfusc.N.gen!Eldorado
Avast
4.8.1351.0
2010.09.14
Win32:Malware-gen
Avast5
5.0.594.0
2010.09.14
Win32:Malware-gen
AVG
9.0.0.851
2010.09.14
Dropper.Generic2.AVSZ
BitDefender
7.2
2010.09.14
Trojan.Generic.KDV.35657
CAT-QuickHeal
11.00
2010.09.14
-
ClamAV
0.96.2.0-git
2010.09.14
-
Comodo
6076
2010.09.14
-
DrWeb
5.0.2.03300
2010.09.14
Trojan.DownLoader1.14860
Emsisoft
5.0.0.37
2010.09.14
Virus.Win32.Injector!IK
eSafe
7.0.17.0
2010.09.14
-
eTrust-Vet
36.1.7854
2010.09.14
Win32/Refroso.CC
F-Prot
4.6.1.107
2010.09.14
W32/Troj_Obfusc.N.gen!Eldorado
F-Secure
9.0.15370.0
2010.09.14
Trojan.Generic.KDV.35657
Fortinet
4.1.143.0
2010.09.13
W32/Injector.IA!tr
GData
21
2010.09.14
Trojan.Generic.KDV.35657
Ikarus
T3.1.1.88.0
2010.09.14
Virus.Win32.Injector
Jiangmin
13.0.900
2010.09.14
Trojan/Refroso.kpb
K7AntiVirus
9.63.2512
2010.09.14
Riskware
Kaspersky
7.0.0.125
2010.09.14
Trojan.Win32.Refroso.bxag
McAfee
5.400.0.1158
2010.09.14
Generic.dx!ttj
McAfee-GW-Edition
2010.1B
2010.09.14
Generic.dx!ttj
Microsoft
1.6103
2010.09.14
VirTool:Win32/Injector.gen!AD
NOD32
5451
2010.09.14
a variant of Win32/Injector.CYI
Norman
6.06.06
2010.09.14
W32/Suspicious_Gen2.CHENA
nProtect
2010-09-14.01
2010.09.14
Trojan/W32.Refroso.38400.G
Panda
10.0.2.7
2010.09.14
Trj/CI.A
PCTools
7.0.3.5
2010.09.14
Trojan.Lethic
Prevx
3.0
2010.09.14
High Risk Cloaked Malware
Rising
22.65.01.04
2010.09.14
Trojan.Win32.Generic.5230E572
Sophos
4.57.0
2010.09.14
Mal/Generic-L
Sunbelt
6876
2010.09.14
Trojan.Win32.Generic!BT
SUPERAntiSpyware
4.40.0.1006
2010.09.14
-
Symantec
20101.1.1.7
2010.09.14
Packed.Generic.252
TheHacker
6.7.0.0.017
2010.09.14
Trojan/Refroso.bwxr
TrendMicro
9.120.0.1004
2010.09.14
TROJ_INJECT.SMC
TrendMicro-HouseCall
9.120.0.1004
2010.09.14
TROJ_INJECT.SMC
VBA32
3.12.14.0
2010.09.14
BScope.Backdoor.SdBot.ofw
ViRobot
2010.8.25.4006
2010.09.14
-
VirusBuster
12.65.6.0
2010.09.14
-

c:\windows\system32\lsass.exe - bez infiltrace
c:\windows\system32\spoolsv.exe - bez infiltrace
c:\windows\system32\svchost.exe - bez infiltrace
c:\windows\system32\winlogon.exe - bez infiltrace
c:\windows\explorer.exe - bez infiltrace
c:\windows\system32\services.exe - bez infiltrace

OTL bude za chvíli

Kobrik · #7 Příspěvek od **Kobrik** » 14 zář 2010 22:21

Nevím, jestli jsem ten OTL nastavil správně. Log se mi sem totiž nevejde. Obsahuje jednou tolik znaků, než je povoleno.

Kobrik · #8 Příspěvek od **Kobrik** » 14 zář 2010 22:37

Tak teď už by to snad mělo být OK:

OTL logfile created on: 14.8.2010 23:35:00 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Bronislav Žáček\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143,14 Gb Total Space | 111,17 Gb Free Space | 77,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 110,03 Gb Total Space | 1,76 Gb Free Space | 1,60% Space Free | Partition Type: NTFS
Drive T: | 7,99 Gb Total Space | 1,02 Gb Free Space | 12,71% Space Free | Partition Type: NTFS
Drive Z: | 143,14 Gb Total Space | 111,17 Gb Free Space | 77,66% Space Free | Partition Type: NTFS

Computer Name: ICT-F02B2B01D19
Current User Name: Bronislav Žáček
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Files/Folders - Created Within 30 Days ==========

[2010.09.13 16:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.09.13 16:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.09.13 11:02:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.13 10:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.12 23:07:43 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF25374.exe
[2010.09.12 22:22:18 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16478.exe
[2010.09.12 22:21:27 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16312.exe
[2010.09.12 21:59:37 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12008.exe
[2010.09.12 21:58:13 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11747.exe
[2010.09.12 21:57:31 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11616.exe
[2010.09.12 21:57:09 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11485.exe
[2010.09.12 20:55:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.09.12 20:53:40 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31867.exe
[2010.09.12 20:45:55 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30362.exe
[2010.09.12 20:44:56 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30169.exe
[2010.09.12 20:44:16 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30032.exe
[2010.09.12 07:15:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.09.12 07:11:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.09.11 12:44:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.09.11 07:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010.09.05 02:57:14 | 000,000,000 | ---D | C] -- C:\Outlook záloha
[2010.08.26 02:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Dokumenty\SelfMV
[2010.08.26 01:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\assembly
[2010.08.26 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\Deployment
[2010.08.25 23:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Dokumenty\Samsung
[2010.08.25 23:53:04 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys
[2010.08.25 23:53:04 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcmnt.sys
[2010.08.25 23:53:04 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcm.sys
[2010.08.25 23:53:03 | 000,121,576 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdm.sys
[2010.08.25 23:53:01 | 000,096,488 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2010.08.25 23:53:01 | 000,010,216 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2010.08.25 23:53:01 | 000,010,216 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys
[2010.08.25 23:51:43 | 000,217,088 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.08.25 23:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Samsung
[2010.08.25 23:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.08.25 23:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2010.08.25 23:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.25 23:44:26 | 000,000,000 | ---D | C] -- C:\3001944a79da2dc167
[2010.08.25 23:42:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.25 23:40:29 | 000,000,000 | ---D | C] -- C:\9abd0e93463ab4957f491a
[2010.08.25 23:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010.08.25 23:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2010.08.20 20:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\DNA
[2010.08.20 20:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2010.08.20 20:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Data aplikací\DNA
[2010.08.16 19:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\ESET
[2010.08.14 21:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 06:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.08 15:52:09 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.08.04 22:04:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010.08.04 22:04:33 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010.08.04 22:04:32 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010.08.04 11:50:36 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010.08.03 13:28:36 | 000,095,896 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010.07.29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010.07.26 21:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Dokumenty\Downloads
[2010.07.26 21:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\Temp
[2010.07.26 15:18:38 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2010.07.26 15:18:38 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2010.07.26 15:18:38 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2010.07.26 15:18:38 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2010.07.26 15:18:38 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2010.07.26 15:18:38 | 000,243,576 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCaller.dll
[2010.07.26 15:18:38 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2010.07.26 15:18:38 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2010.07.26 15:18:38 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2010.07.26 15:18:38 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2010.07.26 15:18:38 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2010.07.26 15:18:38 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2010.07.26 15:18:38 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2010.07.26 15:18:38 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2010.07.26 15:18:38 | 000,057,344 | ---- | C] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2010.07.26 15:18:38 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2010.07.26 15:18:38 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2010.07.26 15:18:38 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2010.07.26 15:18:38 | 000,040,960 | ---- | C] (마크애니연구소) -- C:\WINDOWS\System32\MAMACExtract.dll
[2010.07.26 15:18:38 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2010.07.26 15:18:38 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2010.07.26 15:17:06 | 000,726,352 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2010.07.26 15:17:06 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2010.07.26 15:17:06 | 000,095,568 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgdersvc.exe
[2010.07.26 15:17:06 | 000,018,136 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2010.07.17 18:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bronislav Žáček\Data aplikací\TrueCrypt
[2010.07.17 18:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TrueCrypt
[2010.07.17 18:00:50 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010.07.17 18:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.14 18:33:00 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBF80ED-672D-4256-B380-FD88BB024233}.job
[2010.09.14 18:32:19 | 000,003,365 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.14 18:18:40 | 000,000,486 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7CA6F26-AD3A-4ECD-ACAD-7C779DAE33F7}.job
[2010.09.14 14:07:40 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Stará Ves - Anenská Huť.xls
[2010.09.13 22:40:02 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FB2531FB-FAEE-437E-A52B-003A43ED731D}.job
[2010.09.12 23:07:38 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF25374.exe
[2010.09.12 22:22:14 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16478.exe
[2010.09.12 22:21:23 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16312.exe
[2010.09.12 21:59:24 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12008.exe
[2010.09.12 21:58:04 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11747.exe
[2010.09.12 21:57:25 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11616.exe
[2010.09.12 21:56:44 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11485.exe
[2010.09.12 20:53:32 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31867.exe
[2010.09.12 20:45:51 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30362.exe
[2010.09.12 20:44:52 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30169.exe
[2010.09.12 20:44:10 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30032.exe
[2010.09.12 07:18:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.12 07:15:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2010.09.11 07:23:58 | 001,810,432 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Game Monitoring - zásady správné funkce.doc
[2010.09.11 07:13:31 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.11 01:24:05 | 000,421,376 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Výpočet.xls
[2010.09.10 22:23:35 | 000,001,724 | -H-- | M] () -- C:\Documents and Settings\Bronislav Žáček\Dokumenty\Default.rdp
[2010.09.10 21:39:59 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.09.10 01:52:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Volaní Brno 2010.xls
[2010.09.09 21:30:20 | 000,016,756 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\MP-SMS-Doplnění.xlsx
[2010.09.04 01:11:07 | 000,114,608 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Výpočet1.xlsx
[2010.09.02 23:23:39 | 000,008,211 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\.recently-used.xbel
[2010.08.26 02:42:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.08.26 01:43:01 | 000,089,096 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.08.26 01:39:37 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.25 23:51:33 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Data aplikací\$_hpcst$.hpc
[2010.08.25 23:43:37 | 000,453,084 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.08.25 23:43:37 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.25 23:43:37 | 000,087,394 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.08.25 23:43:37 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.25 23:43:36 | 001,017,442 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.25 23:13:19 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.08.25 19:23:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.08.15 01:37:30 | 002,776,064 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Volání.xls
[2010.08.14 23:33:39 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010.08.14 23:33:39 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.08.14 22:21:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.14 22:20:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.14 22:20:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.14 22:19:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.14 22:19:54 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Bronislav Žáček\NTUSER.DAT
[2010.08.14 22:19:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bronislav Žáček\ntuser.ini
[2010.08.14 22:16:29 | 000,387,559 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Karanténa 1.JPG
[2010.08.14 22:15:55 | 000,365,414 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Karanténa 2.JPG
[2010.08.14 22:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.08.14 21:31:33 | 000,407,040 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Volání Ostrava 2010.xls
[2010.08.14 19:05:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Online plug-in.lnk
[2010.08.14 19:02:29 | 004,319,834 | -H-- | M] () -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\IconCache.db
[2010.08.12 15:28:27 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Mandatáři UH_srpen 10.xls
[2010.08.06 06:04:20 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SJphone 1.65.lnk
[2010.08.04 11:50:36 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010.08.03 13:28:36 | 000,095,896 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010.07.29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010.07.28 02:26:11 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Google Chrome.lnk
[2010.07.28 02:26:11 | 000,001,485 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Připojení ke vzdálené ploše.lnk
[2010.07.28 02:26:11 | 000,001,440 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Poslední dokumenty.lnk
[2010.07.28 02:26:11 | 000,001,214 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Digsby.lnk
[2010.07.28 02:26:11 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\TrueCrypt.lnk
[2010.07.28 02:26:11 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Jednotka CD-ROM.lnk
[2010.07.26 15:18:38 | 000,974,848 | ---- | M] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.07.26 15:18:38 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2010.07.26 15:18:38 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2010.07.26 15:18:38 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2010.07.26 15:18:38 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2010.07.26 15:18:38 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2010.07.26 15:18:38 | 000,243,576 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCaller.dll
[2010.07.26 15:18:38 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2010.07.26 15:18:38 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2010.07.26 15:18:38 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2010.07.26 15:18:38 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2010.07.26 15:18:38 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2010.07.26 15:18:38 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2010.07.26 15:18:38 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2010.07.26 15:18:38 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2010.07.26 15:18:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.07.26 15:18:38 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | M] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.07.26 15:18:38 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2010.07.26 15:18:38 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2010.07.26 15:18:38 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2010.07.26 15:18:38 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\WINDOWS\System32\MAMACExtract.dll
[2010.07.26 15:18:38 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2010.07.26 15:18:38 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2010.07.26 15:17:06 | 000,726,352 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2010.07.26 15:17:06 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2010.07.26 15:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgdersvc.exe
[2010.07.26 15:17:06 | 000,018,136 | ---- | M] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2010.07.26 15:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.07.26 15:15:26 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.26 15:15:26 | 000,036,640 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.07.19 12:26:51 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Rulety 10.1.112.5.vnc
[2010.07.17 18:03:24 | 000,074,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.07.17 18:00:50 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.14 18:15:52 | 000,000,486 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7CA6F26-AD3A-4ECD-ACAD-7C779DAE33F7}.job
[2010.09.13 16:25:40 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.09.13 09:14:44 | 000,000,466 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBF80ED-672D-4256-B380-FD88BB024233}.job
[2010.09.12 21:55:40 | 000,000,480 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FB2531FB-FAEE-437E-A52B-003A43ED731D}.job
[2010.09.11 07:23:57 | 001,810,432 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Game Monitoring - zásady správné funkce.doc
[2010.09.10 19:34:18 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.09.10 01:52:26 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Volaní Brno 2010.xls
[2010.09.10 01:51:13 | 000,407,040 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Volání Ostrava 2010.xls
[2010.09.09 19:08:42 | 000,016,756 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\MP-SMS-Doplnění.xlsx
[2010.09.03 01:48:23 | 000,114,608 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Výpočet1.xlsx
[2010.09.02 23:23:39 | 000,008,211 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\.recently-used.xbel
[2010.08.26 02:42:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.08.26 01:38:53 | 000,954,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.08.25 23:51:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.08.25 23:51:43 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.08.25 23:51:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Data aplikací\$_hpcst$.hpc
[2010.08.25 23:09:05 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.08.17 02:13:42 | 000,421,376 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Výpočet.xls
[2010.08.14 22:16:29 | 000,387,559 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Karanténa 1.JPG
[2010.08.14 22:15:55 | 000,365,414 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Karanténa 2.JPG
[2010.08.12 15:28:26 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Mandatáři UH_srpen 10.xls
[2010.07.26 21:15:49 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Google Chrome.lnk
[2010.07.26 15:18:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.07.26 15:18:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.07.26 15:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.07.22 18:04:26 | 000,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SJphone 1.65.lnk
[2010.07.19 12:30:06 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Rulety 10.1.112.5.vnc
[2010.07.17 18:03:24 | 000,074,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.07.17 18:00:52 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\TrueCrypt.lnk
[2010.07.16 18:18:14 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Plocha\Navision 5 SK.lnk
[2010.05.22 18:07:25 | 000,017,984 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2010.05.21 21:25:06 | 000,000,391 | ---- | C] () -- C:\WINDOWS\hpw1000k.ini
[2010.05.21 21:24:20 | 000,007,053 | ---- | C] () -- C:\WINDOWS\hpbj1000.ini
[2010.05.08 08:43:18 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Bronislav Žáček\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 14:56:07 | 000,000,139 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.04.29 10:35:48 | 000,106,593 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2010.04.29 10:35:42 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2010.04.28 12:08:48 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010.04.28 10:35:15 | 000,003,365 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.04.28 10:34:21 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.04.28 10:34:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.04.28 10:34:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.04.28 10:34:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.04.28 10:34:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.04.28 10:34:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.04.28 10:34:18 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.05.26 22:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.04.14 14:00:00 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2001.07.31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.11.11 10:57:36 | 001,451,520 | ---- | M] (Nokia)
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" -- [2010.08.20 20:29:41 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"KiesTrayAgent" =
"viwynni" = C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\buroutubi.exe -- File not found
"wuaucldt" = c:\documents and settings\bronislav Žáček\wuaucldt.exe -- File not found

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.08.14 23:33:39 | 000,098,240 | ---- | M] () MD5=AC6B8CD1D71EF2DE7F09965BFD5E5DEA -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2010.08.14 23:33:39 | 000,098,240 | ---- | M] () MD5=AC6B8CD1D71EF2DE7F09965BFD5E5DEA -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008.07.21 07:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\I386\IASTOR.SYS
[2008.07.21 07:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008.01.21 20:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\I386\NVGTS.SYS
[2008.01.21 20:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< c:\windows\*.* /JN >
[2010.08.14 22:20:40 | 000,000,000 | ---- | M] () -- c:\WINDOWS\0.log
[2005.05.03 18:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\Alcmtr.exe
[2006.05.04 16:26:36 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- c:\WINDOWS\alcwzrd.exe
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\ARJ.PIF
[2008.01.21 21:48:20 | 000,012,477 | ---- | M] () -- c:\WINDOWS\atiogl.xml
[2010.04.28 14:27:44 | 000,000,000 | ---- | M] () -- c:\WINDOWS\ativpsrm.bin
[2008.07.30 21:09:54 | 000,000,038 | ---- | M] () -- c:\WINDOWS\avisplitter.ini
[2010.08.14 22:20:33 | 000,002,048 | --S- | M] () -- c:\WINDOWS\bootstat.dat
[2008.04.14 14:00:00 | 000,082,944 | ---- | M] () -- c:\WINDOWS\clock.avi
[2010.04.28 09:48:47 | 000,000,200 | ---- | M] () -- c:\WINDOWS\cmsetacl.log
[2010.09.12 07:18:51 | 000,201,160 | ---- | M] () -- c:\WINDOWS\comsetup.log
[2010.04.28 09:53:38 | 000,000,000 | ---- | M] () -- c:\WINDOWS\control.ini
[2008.04.14 14:00:00 | 000,000,002 | ---- | M] () -- c:\WINDOWS\desktop.ini
[2010.04.28 14:58:44 | 000,019,862 | ---- | M] () -- c:\WINDOWS\DPINST.LOG
[2010.04.28 09:50:11 | 000,000,130 | ---- | M] () -- c:\WINDOWS\DtcInstall.log
[2006.04.09 20:59:04 | 000,004,133 | ---- | M] () -- c:\WINDOWS\entrust.ini
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 000,000,080 | ---- | M] () -- c:\windows\explorer.scf
[2010.09.12 07:18:51 | 000,561,825 | ---- | M] () -- c:\WINDOWS\FaxSetup.log
[2008.04.14 14:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\hh.exe
[2010.04.28 12:11:16 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\HideWin.exe
[2010.05.21 21:26:37 | 000,014,380 | ---- | M] () -- c:\WINDOWS\hpbj1000.bu1
[2010.05.21 21:26:37 | 001,540,413 | ---- | M] () -- c:\WINDOWS\hpbj1000.hi1
[2010.05.21 22:02:59 | 000,089,129 | ---- | M] () -- c:\WINDOWS\hpbj1000.his
[2010.05.21 22:02:59 | 000,007,053 | ---- | M] () -- c:\WINDOWS\hpbj1000.ini
[2010.05.22 18:10:33 | 000,261,271 | ---- | M] () -- c:\WINDOWS\hplj1010.his
[2010.05.22 18:10:33 | 000,017,984 | ---- | M] () -- c:\WINDOWS\hplj1010.ini
[2005.03.10 06:25:52 | 000,000,391 | ---- | M] () -- c:\WINDOWS\hpw1000k.ini
[2010.09.12 07:16:56 | 000,121,513 | ---- | M] () -- c:\WINDOWS\ie8.log
[2010.09.12 07:08:14 | 000,037,232 | ---- | M] () -- c:\WINDOWS\ie8Uninst.log
[2010.09.12 07:18:55 | 000,272,033 | ---- | M] () -- c:\WINDOWS\ie8_main.log
[2010.09.12 07:18:51 | 000,644,162 | ---- | M] () -- c:\WINDOWS\iis6.log
[2010.09.12 07:18:15 | 000,001,374 | ---- | M] () -- c:\WINDOWS\imsins.BAK
[2010.09.12 07:18:51 | 000,001,374 | ---- | M] () -- c:\WINDOWS\imsins.log
[2010.09.12 07:18:51 | 000,057,112 | ---- | M] () -- c:\WINDOWS\KB2183461-IE8.log
[2010.04.28 14:10:28 | 000,000,665 | ---- | M] () -- c:\WINDOWS\KB888111.log
[2010.05.14 12:08:26 | 000,010,034 | ---- | M] () -- c:\WINDOWS\KB892130.log
[2010.05.14 12:08:44 | 000,006,845 | ---- | M] () -- c:\WINDOWS\KB898461.log
[2010.04.29 15:09:15 | 000,004,217 | ---- | M] () -- c:\WINDOWS\KB915800-v4.log
[2010.05.14 12:50:57 | 000,021,233 | ---- | M] () -- c:\WINDOWS\KB923561.log
[2010.05.14 12:49:37 | 000,017,280 | ---- | M] () -- c:\WINDOWS\KB929399.log
[2010.05.14 12:49:24 | 000,016,400 | ---- | M] () -- c:\WINDOWS\KB939683.log
[2010.04.29 15:09:48 | 000,024,823 | ---- | M] () -- c:\WINDOWS\KB940157.log
[2010.05.21 22:03:58 | 000,009,682 | ---- | M] () -- c:\WINDOWS\KB940157Uninst.log
[2010.05.14 12:48:40 | 000,014,878 | ---- | M] () -- c:\WINDOWS\KB941569.log
[2010.05.14 12:49:42 | 000,016,071 | ---- | M] () -- c:\WINDOWS\KB946648.log
[2010.05.14 12:48:46 | 000,011,285 | ---- | M] () -- c:\WINDOWS\KB950760.log
[2010.05.14 12:48:51 | 000,011,828 | ---- | M] () -- c:\WINDOWS\KB950762.log
[2010.05.14 12:49:55 | 000,023,368 | ---- | M] () -- c:\WINDOWS\KB950974.log
[2010.05.14 12:48:56 | 000,012,068 | ---- | M] () -- c:\WINDOWS\KB951376-v2.log
[2010.05.14 12:49:11 | 000,022,430 | ---- | M] () -- c:\WINDOWS\KB951748.log
[2010.05.14 12:49:03 | 000,018,823 | ---- | M] () -- c:\WINDOWS\KB951978.log
[2010.05.14 12:51:27 | 000,034,194 | ---- | M] () -- c:\WINDOWS\KB952004.log
[2010.05.21 21:42:13 | 000,009,648 | ---- | M] () -- c:\WINDOWS\KB952011.log
[2010.05.14 12:56:34 | 000,038,313 | ---- | M] () -- c:\WINDOWS\KB952069.log
[2010.05.14 12:50:01 | 000,016,715 | ---- | M] () -- c:\WINDOWS\KB952287.log
[2010.05.14 12:49:47 | 000,022,856 | ---- | M] () -- c:\WINDOWS\KB952954.log
[2010.05.14 12:50:05 | 000,012,924 | ---- | M] () -- c:\WINDOWS\KB954154.log
[2010.05.14 12:53:14 | 000,029,817 | ---- | M] () -- c:\WINDOWS\KB954155.log
[2010.05.14 12:50:23 | 000,025,468 | ---- | M] () -- c:\WINDOWS\KB954459.log
[2010.05.14 12:50:17 | 000,018,583 | ---- | M] () -- c:\WINDOWS\KB955069.log
[2010.05.14 12:56:58 | 000,037,789 | ---- | M] () -- c:\WINDOWS\KB955759.log
[2010.05.14 12:51:15 | 000,027,922 | ---- | M] () -- c:\WINDOWS\KB956572.log
[2010.05.14 12:52:27 | 000,030,174 | ---- | M] () -- c:\WINDOWS\KB956744.log
[2010.05.14 12:50:28 | 000,025,960 | ---- | M] () -- c:\WINDOWS\KB956802.log
[2010.05.14 12:50:34 | 000,019,524 | ---- | M] () -- c:\WINDOWS\KB956803.log
[2010.05.14 12:52:59 | 000,030,305 | ---- | M] () -- c:\WINDOWS\KB956844.log
[2010.05.14 12:50:11 | 000,018,072 | ---- | M] () -- c:\WINDOWS\KB958644.log
[2010.05.14 12:53:39 | 000,029,786 | ---- | M] () -- c:\WINDOWS\KB958869.log
[2010.05.14 12:51:40 | 000,034,739 | ---- | M] () -- c:\WINDOWS\KB959426.log
[2010.05.14 12:50:40 | 000,025,582 | ---- | M] () -- c:\WINDOWS\KB960225.log
[2010.05.14 12:51:33 | 000,033,704 | ---- | M] () -- c:\WINDOWS\KB960803.log
[2010.05.14 12:52:42 | 000,037,535 | ---- | M] () -- c:\WINDOWS\KB960859.log
[2010.05.14 12:51:45 | 000,034,781 | ---- | M] () -- c:\WINDOWS\KB961501.log
[2010.05.14 12:52:07 | 000,031,373 | ---- | M] () -- c:\WINDOWS\KB963093.log
[2010.05.14 12:50:47 | 000,026,286 | ---- | M] () -- c:\WINDOWS\KB967715.log
[2010.05.14 12:53:54 | 000,044,416 | ---- | M] () -- c:\WINDOWS\KB968389.log
[2010.05.14 12:53:09 | 000,030,003 | ---- | M] () -- c:\WINDOWS\KB968816.log
[2010.05.14 12:53:45 | 000,040,579 | ---- | M] () -- c:\WINDOWS\KB969059.log
[2010.05.14 12:56:19 | 000,042,866 | ---- | M] () -- c:\WINDOWS\KB969947.log
[2010.05.14 12:51:51 | 000,035,464 | ---- | M] () -- c:\WINDOWS\KB970238.log
[2010.05.14 12:57:58 | 000,038,613 | ---- | M] () -- c:\WINDOWS\KB971468.log
[2010.05.14 12:52:53 | 000,037,823 | ---- | M] () -- c:\WINDOWS\KB971657.log
[2010.05.14 12:53:04 | 000,031,470 | ---- | M] () -- c:\WINDOWS\KB971961-IE8.log
[2010.05.14 12:57:13 | 000,037,725 | ---- | M] () -- c:\WINDOWS\KB972270.log
[2010.05.14 12:52:33 | 000,037,638 | ---- | M] () -- c:\WINDOWS\KB973507.log
[2010.05.14 12:52:13 | 000,028,819 | ---- | M] () -- c:\WINDOWS\KB973540.log
[2010.05.14 12:56:28 | 000,036,353 | ---- | M] () -- c:\WINDOWS\KB973687.log
[2010.05.14 12:52:48 | 000,037,452 | ---- | M] () -- c:\WINDOWS\KB973815.log
[2010.05.14 12:52:21 | 000,029,785 | ---- | M] () -- c:\WINDOWS\KB973869.log
[2010.05.14 12:57:06 | 000,037,720 | ---- | M] () -- c:\WINDOWS\KB973904.log
[2010.05.14 12:53:34 | 000,039,761 | ---- | M] () -- c:\WINDOWS\KB974112.log
[2010.05.14 12:56:40 | 000,044,204 | ---- | M] () -- c:\WINDOWS\KB974318.log
[2010.05.14 12:56:49 | 000,044,600 | ---- | M] () -- c:\WINDOWS\KB974392.log
[2010.05.14 12:53:27 | 000,040,064 | ---- | M] () -- c:\WINDOWS\KB974571.log
[2010.05.14 12:53:20 | 000,039,492 | ---- | M] () -- c:\WINDOWS\KB975025.log
[2010.05.14 12:54:00 | 000,043,252 | ---- | M] () -- c:\WINDOWS\KB975467.log
[2010.05.14 12:57:35 | 000,048,114 | ---- | M] () -- c:\WINDOWS\KB975560.log
[2010.05.14 12:58:29 | 000,038,225 | ---- | M] () -- c:\WINDOWS\KB975561.log
[2010.05.14 12:57:20 | 000,046,183 | ---- | M] () -- c:\WINDOWS\KB975713.log
[2010.05.14 12:59:51 | 000,041,495 | ---- | M] () -- c:\WINDOWS\KB976002-v5.log
[2010.05.14 12:58:14 | 000,039,490 | ---- | M] () -- c:\WINDOWS\KB976662-IE8.log
[2010.05.14 12:59:10 | 000,053,746 | ---- | M] () -- c:\WINDOWS\KB977816.log
[2010.05.14 12:57:51 | 000,048,507 | ---- | M] () -- c:\WINDOWS\KB977914.log
[2010.05.14 12:57:27 | 000,046,364 | ---- | M] () -- c:\WINDOWS\KB978037.log
[2010.05.14 12:57:42 | 000,038,157 | ---- | M] () -- c:\WINDOWS\KB978262.log
[2010.05.14 12:59:31 | 000,053,976 | ---- | M] () -- c:\WINDOWS\KB978338.log
[2010.05.14 13:01:29 | 000,054,876 | ---- | M] () -- c:\WINDOWS\KB978542.log
[2010.05.14 12:59:48 | 000,053,609 | ---- | M] () -- c:\WINDOWS\KB978601.log
[2010.05.14 12:58:07 | 000,046,750 | ---- | M] () -- c:\WINDOWS\KB978706.log
[2010.05.14 12:58:20 | 000,035,352 | ---- | M] () -- c:\WINDOWS\KB979306.log
[2010.05.14 12:59:23 | 000,059,604 | ---- | M] () -- c:\WINDOWS\KB979309.log
[2010.05.14 12:59:40 | 000,045,892 | ---- | M] () -- c:\WINDOWS\KB979683.log
[2010.05.14 12:58:58 | 000,048,017 | ---- | M] () -- c:\WINDOWS\KB980182-IE8.log
[2010.05.14 12:59:04 | 000,044,714 | ---- | M] () -- c:\WINDOWS\KB980232.log
[2010.05.14 12:59:17 | 000,045,095 | ---- | M] () -- c:\WINDOWS\KB981332-IE8.log
[2010.09.12 07:18:07 | 000,065,363 | ---- | M] () -- c:\WINDOWS\KB982381-IE8.log
[2010.09.12 07:18:15 | 000,048,459 | ---- | M] () -- c:\WINDOWS\KB982664-IE8.log
[2010.04.28 12:08:48 | 000,001,769 | ---- | M] () -- c:\WINDOWS\Language_trs.ini
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\LHA.PIF
[2010.09.12 07:18:51 | 000,039,323 | ---- | M] () -- c:\WINDOWS\MedCtrOC.log
[2007.06.28 16:44:14 | 002,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\MicCal.exe
[2008.04.14 14:00:00 | 000,001,272 | ---- | M] () -- c:\WINDOWS\Modrá krajka 16.bmp
[2010.05.08 08:20:03 | 000,006,206 | ---- | M] () -- c:\WINDOWS\MSCompPackV1.log
[2008.04.14 14:00:00 | 000,001,405 | ---- | M] () -- c:\WINDOWS\msdfmap.ini
[2010.09.12 07:18:51 | 000,028,372 | ---- | M] () -- c:\WINDOWS\msgsocm.log
[2010.09.12 07:18:51 | 000,182,590 | ---- | M] () -- c:\WINDOWS\msmqinst.log
[2008.04.14 14:00:00 | 000,065,978 | ---- | M] () -- c:\WINDOWS\Mýdlové bubliny.bmp
[2008.04.14 14:00:00 | 000,017,336 | ---- | M] () -- c:\WINDOWS\Na rybách.bmp
[2010.05.22 18:11:14 | 000,045,056 | ---- | M] (Northern Codeworks) -- c:\WINDOWS\NCUNINST.EXE
[2010.09.12 07:18:51 | 000,099,177 | ---- | M] () -- c:\WINDOWS\netfxocm.log
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\NOCLOSE.PIF
[2008.04.14 14:00:00 | 000,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\NOTEPAD.EXE
[2010.04.28 10:34:35 | 000,000,000 | ---- | M] () -- c:\WINDOWS\nsreg.dat
[2010.05.08 07:56:28 | 000,000,304 | ---- | M] () -- c:\WINDOWS\nsw.log
[2010.08.14 22:21:40 | 000,639,820 | ---- | M] () -- c:\WINDOWS\ntbtlog.txt
[2010.09.12 07:18:51 | 000,119,891 | ---- | M] () -- c:\WINDOWS\ntdtcsetup.log
[2010.09.12 07:18:51 | 000,277,856 | ---- | M] () -- c:\WINDOWS\ocgen.log
[2010.09.12 07:18:51 | 000,035,239 | ---- | M] () -- c:\WINDOWS\ocmsn.log
[2010.04.29 14:56:07 | 000,000,139 | ---- | M] () -- c:\WINDOWS\ODBC.INI
[2010.04.28 09:53:25 | 000,004,249 | ---- | M] () -- c:\WINDOWS\ODBCINST.INI
[2010.07.22 18:03:34 | 000,002,558 | ---- | M] () -- c:\WINDOWS\OEWABLog.txt
[2008.04.14 14:00:00 | 000,065,832 | ---- | M] () -- c:\WINDOWS\Omítka Santa Fe.bmp
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\PKUNZIP.PIF
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\PKZIP.PIF
[2008.04.14 14:00:00 | 000,065,954 | ---- | M] () -- c:\WINDOWS\Prérijní vítr.bmp
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\RAR.PIF
[2008.04.14 14:00:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\regedit.exe
[2010.04.28 09:56:16 | 000,008,192 | ---- | M] () -- c:\WINDOWS\REGLOCS.OLD
[2010.04.28 11:41:02 | 000,001,328 | ---- | M] () -- c:\WINDOWS\regopt.log
[2008.04.14 14:00:00 | 000,017,362 | ---- | M] () -- c:\WINDOWS\Rododendron.bmp
[2007.10.25 11:57:56 | 016,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RTHDCPL.exe
[2007.03.23 19:19:10 | 009,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RTLCPL.exe
[2007.07.26 17:09:20 | 000,520,192 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RtlExUpd.dll
[2007.07.26 18:06:22 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RtlUpd.exe
[2010.08.14 22:19:59 | 000,032,602 | ---- | M] () -- c:\WINDOWS\SchedLgU.Txt
[2005.03.10 06:25:52 | 000,102,400 | ---- | M] () -- c:\WINDOWS\scrub2k.exe
[2010.04.28 09:50:49 | 000,001,022 | ---- | M] () -- c:\WINDOWS\sessmgr.setup.log
[2010.08.26 02:42:59 | 000,197,027 | ---- | M] () -- c:\WINDOWS\setupact.log
[2010.08.14 19:05:23 | 000,790,496 | ---- | M] () -- c:\WINDOWS\setupapi.log
[2010.04.28 11:39:58 | 000,000,000 | ---- | M] () -- c:\WINDOWS\setuperr.log
[2010.04.28 14:24:47 | 000,833,654 | ---- | M] () -- c:\WINDOWS\setuplog.txt
[2007.10.11 11:04:04 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\SkyTel.exe
[2006.07.21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\SoundMan.exe
[2010.09.12 07:22:49 | 000,057,255 | ---- | M] () -- c:\WINDOWS\spupdsvc.log
[2010.04.28 11:43:20 | 000,000,000 | ---- | M] () -- c:\WINDOWS\Sti_Trace.log
[2010.04.28 11:41:01 | 000,000,231 | ---- | M] () -- c:\WINDOWS\system.ini
[2010.09.12 07:18:51 | 000,028,973 | ---- | M] () -- c:\WINDOWS\tabletoc.log
[2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\TASKMAN.EXE
[2008.04.14 14:00:00 | 000,016,730 | ---- | M] () -- c:\WINDOWS\Textura peří.bmp
[2010.09.12 07:18:51 | 000,261,891 | ---- | M] () -- c:\WINDOWS\tsoc.log
[2008.04.14 14:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain.dll
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain_32.dll
[2008.04.14 14:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_16.exe
[2008.04.14 14:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_32.exe
[2008.08.08 07:04:10 | 000,000,545 | ---- | M] () -- c:\windows\UC.PIF
[2010.09.12 07:18:34 | 000,116,842 | ---- | M] () -- c:\WINDOWS\updspapi.log
[2010.04.28 09:50:17 | 000,000,036 | ---- | M] () -- c:\WINDOWS\vb.ini
[2010.04.28 09:50:17 | 000,000,037 | ---- | M] () -- c:\WINDOWS\vbaddin.ini
[2008.04.14 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\vmmreg32.dll
[2010.05.17 06:04:56 | 000,009,971 | ---- | M] () -- c:\WINDOWS\WgaNotify.log
[2010.08.14 22:19:56 | 000,000,216 | ---- | M] () -- c:\WINDOWS\wiadebug.log
[2010.08.14 19:03:29 | 000,000,049 | ---- | M] () -- c:\WINDOWS\wiaservc.log
[2010.05.08 08:19:46 | 000,000,582 | ---- | M] () -- c:\WINDOWS\win.ini
[2010.09.14 18:32:19 | 000,003,365 | ---- | M] () -- c:\WINDOWS\wincmd.ini
[2010.04.28 09:52:33 | 000,000,749 | RH-- | M] () -- c:\WINDOWS\WindowsShell.Manifest
[2010.08.14 22:20:04 | 001,643,194 | ---- | M] () -- c:\WINDOWS\WindowsUpdate.log
[2008.04.14 14:00:00 | 000,256,419 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhelp.exe
[2008.04.14 14:00:00 | 000,283,648 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhlp32.exe
[2008.04.14 14:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt.bmp
[2008.04.14 14:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt256.bmp
[2010.05.08 08:19:18 | 000,027,103 | ---- | M] () -- c:\WINDOWS\WMFDist11.log
[2010.05.08 08:19:51 | 000,021,486 | ---- | M] () -- c:\WINDOWS\wmp11.log
[2008.04.14 14:00:00 | 000,036,582 | ---- | M] () -- c:\WINDOWS\wmprfCSY.prx
[2010.09.13 15:36:04 | 000,054,493 | ---- | M] () -- c:\WINDOWS\wmsetup.log
[2010.05.08 08:20:10 | 000,004,812 | ---- | M] () -- c:\WINDOWS\wmsetup10.log
[2010.05.08 08:19:15 | 000,316,640 | ---- | M] () -- c:\WINDOWS\WMSysPr9.prx
[2010.05.08 08:18:47 | 000,012,074 | ---- | M] () -- c:\WINDOWS\Wudf01000Inst.log
[2008.04.14 14:00:00 | 000,009,522 | ---- | M] () -- c:\WINDOWS\Zapotec.bmp
[2008.04.14 14:00:00 | 000,026,582 | ---- | M] () -- c:\WINDOWS\Zelený kámen.bmp
[2008.04.14 14:00:00 | 000,017,062 | ---- | M] () -- c:\WINDOWS\Zrnko kávy.bmp
[2008.04.14 14:00:00 | 000,000,707 | ---- | M] () -- c:\windows\_default.pif
[2008.04.14 14:00:00 | 000,026,680 | ---- | M] () -- c:\WINDOWS\Řeka Sumida.bmp
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< c:\windows\*.* /HL >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< c:\windows\*.* /RP >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< End of report >

#9 Příspěvek od **motji** » 14 zář 2010 23:12

Vydržte 10 minut, napíšu skript na mazání

#10 Příspěvek od **motji** » 14 zář 2010 23:27

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\Bronislav Žáček\Nabídka Start\Programy\Po spuštění\
703q0hc.exe

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Dnes už končím

Kobrik · #11 Příspěvek od **Kobrik** » 14 zář 2010 23:48

Tady přikládám Log z OTL

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET3538.tmp moved successfully.
C:\WINDOWS\system32\SET3539.tmp moved successfully.
C:\WINDOWS\system32\SET353A.tmp moved successfully.
C:\WINDOWS\system32\SET3FF.tmp moved successfully.
C:\WINDOWS\system32\SET403.tmp moved successfully.
C:\WINDOWS\system32\SET40B.tmp moved successfully.
C:\WINDOWS\system32\dllcache\SET354B.tmp moved successfully.
C:\WINDOWS\system32\dllcache\SET354C.tmp moved successfully.
C:\WINDOWS\system32\dllcache\SET354D.tmp moved successfully.
C:\WINDOWS\system32\dllcache\SET354E.tmp moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\SET3530.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1444.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP178.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3601.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3628.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFCA.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\temp\HTT28A.tmp moved successfully.
C:\WINDOWS\temp\yiuifwr209FFECE.tmp moved successfully.
C:\Documents and Settings\Bronislav Žáček\Nabídka Start\Programy\Po spuštění folder moved successfully.
File\Folder 703q0hc.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 3667921 bytes
->Temporary Internet Files folder emptied: 961867 bytes
->Java cache emptied: 12468279 bytes
->FireFox cache emptied: 46187943 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Bronislav Žáček
->Temp folder emptied: 3055559 bytes
->Temporary Internet Files folder emptied: 13904087 bytes
->Java cache emptied: 221534 bytes
->FireFox cache emptied: 91720084 bytes
->Google Chrome cache emptied: 365047945 bytes
->Flash cache emptied: 22934 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes

#12 Příspěvek od **motji** » 14 zář 2010 23:50

Fajn, přes noc spusťte Avptool

Kobrik · #13 Příspěvek od **Kobrik** » 15 zář 2010 01:00

Tak Kaspersky už mi dojel, sice to bylo o dost dřív, než jsem čekal........ Přikládám Log.

Autoscan: completed 2 minutes ago (events: 80, objects: 286638, time: 00:27:55)
15.9.2010 1:27:21 Task started
15.9.2010 1:50:50 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP132\A0062156.sys
15.9.2010 1:50:50 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062165.sys
15.9.2010 1:50:51 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP132\A0062156.sys
15.9.2010 1:50:51 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP132\A0062156.sys
15.9.2010 1:50:52 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062166.sys
15.9.2010 1:50:52 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062165.sys
15.9.2010 1:50:52 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062165.sys
15.9.2010 1:50:53 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062208.sys
15.9.2010 1:50:53 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062166.sys
15.9.2010 1:50:53 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062166.sys
15.9.2010 1:50:53 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062209.sys
15.9.2010 1:50:53 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062208.sys
15.9.2010 1:50:53 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062208.sys
15.9.2010 1:50:54 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062209.sys
15.9.2010 1:50:54 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062209.sys
15.9.2010 1:50:59 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062514.sys
15.9.2010 1:50:59 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062514.sys
15.9.2010 1:50:59 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062514.sys
15.9.2010 1:51:00 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062515.sys
15.9.2010 1:51:00 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062515.sys
15.9.2010 1:51:00 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP133\A0062515.sys
15.9.2010 1:51:19 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063023.sys
15.9.2010 1:51:19 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063024.sys
15.9.2010 1:51:19 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063023.sys
15.9.2010 1:51:19 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063023.sys
15.9.2010 1:51:19 Detected: Trojan.Win32.Refroso.bxag C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063031.exe
15.9.2010 1:51:20 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063024.sys
15.9.2010 1:51:20 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063024.sys
15.9.2010 1:51:21 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063112.sys
15.9.2010 1:51:21 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063112.sys
15.9.2010 1:51:21 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063112.sys
15.9.2010 1:51:21 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063113.sys
15.9.2010 1:51:22 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063113.sys
15.9.2010 1:51:22 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063113.sys
15.9.2010 1:51:25 Deleted: Trojan.Win32.Refroso.bxag C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063031.exe
15.9.2010 1:51:33 Detected: Trojan.Win32.Refroso.bxaa C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063463.exe
15.9.2010 1:51:33 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063461.sys
15.9.2010 1:51:33 Detected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063462.sys
15.9.2010 1:51:34 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063461.sys
15.9.2010 1:51:34 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063461.sys
15.9.2010 1:51:34 Detected: Trojan.Win32.Refroso.bwzv C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063464.exe
15.9.2010 1:51:34 Deleted: Trojan.Win32.Refroso.bxaa C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063463.exe
15.9.2010 1:51:35 Detected: Trojan.Win32.Refroso.bwyl C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063465.exe
15.9.2010 1:51:35 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063462.sys
15.9.2010 1:51:35 Disinfected: Virus.Win32.Protector.h C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063462.sys
15.9.2010 1:51:35 Detected: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063466.exe
15.9.2010 1:51:35 Deleted: Trojan.Win32.Refroso.bwyl C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063465.exe
15.9.2010 1:51:35 Detected: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063467.exe
15.9.2010 1:51:35 Deleted: Trojan.Win32.Refroso.bwzv C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063464.exe
15.9.2010 1:51:36 Detected: Trojan.Win32.Refroso.bwyl C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063468.exe
15.9.2010 1:51:36 Deleted: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063467.exe
15.9.2010 1:51:36 Detected: Trojan.Win32.Refroso.bwzv C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063469.exe
15.9.2010 1:51:36 Deleted: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063466.exe
15.9.2010 1:51:36 Detected: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063470.exe
15.9.2010 1:51:36 Deleted: Trojan.Win32.Refroso.bwzv C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063469.exe
15.9.2010 1:51:37 Detected: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063471.exe
15.9.2010 1:51:38 Deleted: Trojan.Win32.Refroso.bwyl C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063468.exe
15.9.2010 1:51:38 Detected: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063472.exe
15.9.2010 1:51:39 Deleted: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063470.exe
15.9.2010 1:51:39 Detected: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063473.exe
15.9.2010 1:51:39 Deleted: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063471.exe
15.9.2010 1:51:39 Detected: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063474.exe
15.9.2010 1:51:40 Deleted: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063472.exe
15.9.2010 1:51:40 Detected: Trojan.Win32.Refroso.bwyl C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063475.exe
15.9.2010 1:51:40 Deleted: Trojan.Win32.Refroso.bwys C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063473.exe
15.9.2010 1:51:40 Detected: Trojan.Win32.Refroso.bwzv C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063476.exe
15.9.2010 1:51:40 Deleted: Trojan.Win32.Refroso.bwyl C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063475.exe
15.9.2010 1:51:40 Detected: Trojan.Win32.Refroso.bwzt C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063477.exe
15.9.2010 1:51:41 Deleted: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063474.exe
15.9.2010 1:51:41 Detected: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063478.exe
15.9.2010 1:51:41 Deleted: Trojan.Win32.Refroso.bwzt C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063477.exe
15.9.2010 1:51:41 Detected: Trojan.Win32.Refroso.bxaa C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063479.exe
15.9.2010 1:51:42 Deleted: Trojan.Win32.Refroso.bwzv C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063476.exe
15.9.2010 1:51:43 Deleted: Trojan.Win32.Refroso.bxaa C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063479.exe
15.9.2010 1:51:44 Deleted: Trojan.Win32.Refroso.bwxr C:\System Volume Information\_restore{A56042C4-E584-41CC-AF2D-7B4A26BF743A}\RP134\A0063478.exe
15.9.2010 1:54:36 Detected: Virus.Win32.Protector.h C:\WINDOWS\system32\dllcache\cdrom.sys
15.9.2010 1:54:37 Disinfected: Virus.Win32.Protector.h C:\WINDOWS\system32\dllcache\cdrom.sys
15.9.2010 1:54:37 Disinfected: Virus.Win32.Protector.h C:\WINDOWS\system32\dllcache\cdrom.sys
15.9.2010 1:55:16 Task completed

#14 Příspěvek od **motji** » 15 zář 2010 09:03

Ještě pořád bude napadený cdrom.sys. Ale na viruta to nevypadá, dobrá zpráva

. Akorát že rootkit se asi bude bránit odhalení.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

****************************

Běžte do nouzového režimu s prací v síti.

*********************

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

-

Ted nerestartujte počítač!

************************

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- přejmenujte ho na cobra.com

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Kobrik · #15 Příspěvek od **Kobrik** » 15 zář 2010 18:46

Dobrý večer, takže přikládám log. ComboFixu. Jediné, co nefungovalo, tak byl příkaz ComboFix /Unistal. Systém nemohl žádnou instalaci ComboFixu nalézt. Jinak vše probíhalo bez potíží.

ComboFix 10-09-14.05 - Bronislav Žáček 15.09.2010 19:35:57.4.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1752 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bronislav Žáček\Plocha\cobra.com

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Bronislav Žáček\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Martin Bilík\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Tomáš Stojaník\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-15 do 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 17:33 . 2010-09-15 17:33 -------- d--h--w- c:\windows\PIF
2010-09-15 17:12 . 2010-09-15 17:12 -------- d-----w- c:\windows\LastGood
2010-09-13 14:25 . 2010-09-14 23:54 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-09-13 08:01 . 2010-09-13 08:02 -------- d-----w- c:\program files\CCleaner
2010-09-12 05:23 . 2010-09-12 05:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-12 05:15 . 2010-09-12 05:16 -------- dc-h--w- c:\windows\ie8
2010-09-12 05:12 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-12 05:11 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-05 00:57 . 2010-09-05 05:09 -------- d-----w- C:\Outlook záloha
2010-08-25 21:53 . 2010-06-21 03:26 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2010-08-25 21:53 . 2010-06-21 03:26 10344 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2010-08-25 21:53 . 2010-06-21 03:26 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2010-08-25 21:53 . 2010-06-21 03:26 121576 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2010-08-25 21:53 . 2010-06-21 03:26 96488 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2010-08-25 21:53 . 2010-06-21 03:26 10216 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2010-08-25 21:53 . 2010-06-21 03:26 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2010-08-25 21:51 . 2010-07-26 13:15 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-08-25 21:51 . 2010-07-26 13:15 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-08-25 21:51 . 2010-07-26 13:15 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-08-25 21:48 . 2010-08-25 21:48 -------- d-----w- c:\program files\MarkAny
2010-08-25 21:47 . 2010-08-25 21:47 -------- d-----w- c:\program files\Microsoft.NET
2010-08-25 21:44 . 2010-08-25 21:45 -------- d-----w- C:\3001944a79da2dc167
2010-08-25 21:40 . 2010-08-25 21:47 -------- d-----w- C:\9abd0e93463ab4957f491a
2010-08-25 21:09 . 2010-08-25 21:52 -------- d-----w- c:\program files\Samsung
2010-08-25 21:09 . 2010-08-25 21:48 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-20 18:29 . 2010-09-15 16:45 -------- d-----w- c:\program files\DNA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 16:52 . 2010-08-14 19:34 -------- d-----w- c:\program files\trend micro
2010-08-26 00:42 . 2010-08-26 00:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-08-25 21:53 . 2010-04-28 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 21:50 . 2010-04-28 12:58 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-25 21:43 . 2008-04-14 12:00 87394 ----a-w- c:\windows\system32\perfc005.dat
2010-08-25 21:43 . 2008-04-14 12:00 453084 ----a-w- c:\windows\system32\perfh005.dat
2010-08-14 23:14 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-08-13 04:13 . 2010-08-13 04:13 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 04:13 . 2010-04-28 08:33 -------- d-----w- c:\program files\Java
2010-08-06 04:04 . 2010-05-08 06:18 -------- d-----w- c:\program files\SJphone 1.65
2010-07-26 13:17 . 2010-07-26 13:17 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-07-26 13:17 . 2010-07-26 13:17 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-07-26 13:17 . 2010-07-26 13:17 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-07-26 13:17 . 2010-07-26 13:17 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-07-17 16:03 . 2010-07-17 16:03 74728 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-17 16:00 . 2010-07-17 16:00 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-07-17 03:00 . 2010-04-28 10:22 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 12:27 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-09-12 21:05 . 2009-09-12 21:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 21:06 . 2009-09-12 21:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 21:06 . 2009-09-12 21:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 21:06 . 2009-09-12 21:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 21:06 . 2009-09-12 21:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 21:07 . 2009-09-12 21:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 21:06 . 2009-09-12 21:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 21:06 . 2009-09-12 21:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 11:33 . 2009-08-14 11:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 21:06 . 2009-09-12 21:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
2010-07-11 08:51 638976 ----a-w- c:\program files\Digsby Donates\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-20 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-07-28 3365176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Martin Bilˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

c:\documents and settings\Miroslav Turźˇnek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Online plug-in.lnk - c:\windows\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-4-29 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 18:59 24674 ----a-w- c:\windows\system32\ckpNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SJphone 1.65\\SJphone.exe"=
"c:\\Documents and Settings\\Tomáš Stojaník\\Plocha\\config.exe"=
"c:\\Documents and Settings\\Bronislav Žáček\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Bronislav Žáček\\Data aplikací\\Microsoft\\Internet Explorer\\Quick Launch\\config.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Martin Bilík\\Plocha\\config.exe"=
"c:\\Documents and Settings\\Miroslav Turčínek\\Plocha\\config.exe"=
"c:\\Documents and Settings\\Bronislav Žáček\\Plocha\\config.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [29.4.2010 10:35 109072]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28.4.2010 10:24 37376]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [29.4.2010 10:35 2234320]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [25.3.2010 20:06 110608]
S0 cerc6;cerc6; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [8.9.2009 18:13 65584]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [9.5.2010 7:29 123856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [9.5.2010 7:28 41680]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [29.4.2010 10:35 36400]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [26.7.2010 15:17 95568]
S2 ekeiidyko6koty;PowerUtility TV Recording Reservation;c:\windows\system32\weda.exe --> c:\windows\system32\weda.exe [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [25.8.2010 23:51 217088]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [29.4.2010 12:03 6016]
S2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [29.4.2010 10:35 671472]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [26.7.2010 15:17 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25.8.2010 23:51 36640]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [25.8.2010 23:53 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [25.8.2010 23:53 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [25.8.2010 23:53 121576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [9.5.2010 7:29 99728]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [9.5.2010 10:16 31824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.5.2010 19:08 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{5FBF80ED-672D-4256-B380-FD88BB024233}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{E7CA6F26-AD3A-4ECD-ACAD-7C779DAE33F7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{FB2531FB-FAEE-437E-A52B-003A43ED731D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://10.1.112.9/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 217.112.175.67:3128
uInternet Settings,ProxyOverride = 10.1.1.171;172.22.4.31:8080;10.1.112.3;synot-sd;10.1.29.187;10.1.112.9;maxpower.gamemonitoring.cz;80.251.247.117;citrix-web;10.1.29.*;10.1.1.170;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {71C0ACB6-A81D-485C-A092-8C227CDC6015} = 10.1.29.132,10.1.29.133
FF - ProfilePath - c:\documents and settings\Bronislav Žáček\Data aplikací\Mozilla\Firefox\Profiles\eo7xwbsa.default\
FF - prefs.js: browser.startup.homepage - hxxp://10.1.29.134/CAisd/pdmweb.exe
FF - prefs.js: network.proxy.http - 10.1.59.100
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-KiesTrayAgent - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 19:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-09-15 19:41:29
ComboFix-quarantined-files.txt 2010-09-15 17:41

Před spuštěním: Volných bajtů: 120 867 479 552
Po spuštění: Volných bajtů: 120 901 922 816

- - End Of File - - F4714F6633DF225A76D1884EBBD7E2F3

VIRY.CZ

Infiltrace Protector.N virus

Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus

Re: Infiltrace Protector.N virus