Please check

#1 Post by sorcer »

Hello, at a friend's place we are dealing with an alert from the firewall that is part of Kaspersky Ant 2014; it reports blocked network communication for the application:
C:\Windows\System32\lcpmncqaje.exe

The only info I found:

Výsledek: Zjištěno: not-a-virus:RiskTool.Win32.BitCoinMiner.lrc
Objekt: C:\WINDOWS\system32\lcpmncqaje.exe

And then some info about it from the net:

Malware Analysis of not-a-virus:RiskTool.Win32.BitCoinMiner.lrc
Created files:

%Temp%\Filter.exe
%Temp%\libcurl-4.dll - I found this one in C:\WINDOWS\system32
%Temp%\pthreadGC2.dll - I found this one in C:\WINDOWS\system32
%Temp%\zlib1.dll - I found this one in C:\WINDOWS\system32

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\bb2fc51bfac98fc28aed227e01c235ad: “c:\sand-box\bb2fc51bfac98fc28aed227e01c235ad.exe”
Detected by UnHackMe:

FILTER.EXE
Default location: %TEMP%\FILTER.EXE

Dropper hash(md5): bb2fc51bfac98fc28aed227e01c235ad


I am attaching the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01
Ran by antcerm (administrator) on Seiko_2 on 09-06-2014 14:45:32
Running from C:\Documents and Settings\antcerm\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Program Files\ASUS\Six Engine\SixEngine.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Golis (c)) C:\Program Files\System OKO\TEPLOMER.EXE
() C:\WINDOWS\system32\lcpmncqaje.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.KAV_CS_ADMIN_KIT\MSSQL\Binn\sqlservr.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Center\klnagent.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Center\vapm.exe
(Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\wmi32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\Six Engine\SixEngine.exe [5964800 2008-06-03] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5574456 2011-10-13] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [394744 2011-10-13] (Acronis)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13570048 2008-07-26] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2008-07-26] (NVIDIA Corporation)
HKLM\...\Run: [RAM_DEFRAG] => [X]
HKLM\...\Run: [SAOB Monitor] => C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2537096 2011-09-22] (Acronis)
HKLM\...\Run: [Služba Acronis Scheduler2] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [394744 2011-10-13] (Acronis)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSStp] => C:\WINDOWS\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mncqajeSrv] => C:\WINDOWS\system32\mncqaje.vbe [7670 2014-03-05] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-1935655697-823518204-682003330-1003\...\MountPoints2: {46290a1a-cbf1-11de-b619-004f6301381d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1935655697-823518204-682003330-1003\...\MountPoints2: {8e20ffab-b96b-11de-9af6-004f6301381d} - F:\setup.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll
Startup: C:\Documents and Settings\antcerm\Nabídka Start\Programy\Po spuštění\TEPLOMER.lnk
ShortcutTarget: TEPLOMER.lnk -> C:\Program Files\System OKO\TEPLOMER.EXE (Golis (c))

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.117.17:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsi ... mai&snsc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 6923904687
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{FAD99E9A-548D-4765-BBE7-5B3897F9AF27}: [NameServer]192.168.1.1,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\antcerm\Data aplikací\Mozilla\Firefox\Profiles\eaj0isdq.default
FF Homepage: chrome://newtabplus/content/newtab.html
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: New Tab Plus - C:\Documents and Settings\antcerm\Data aplikací\Mozilla\Firefox\Profiles\eaj0isdq.default\Extensions\weidunewtab@gmail.com [2014-05-02]
FF Extension: X-notifier - C:\Documents and Settings\antcerm\Data aplikací\Mozilla\Firefox\Profiles\eaj0isdq.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2013-12-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKCU\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx []

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804448 2011-10-13] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis)
U2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 klactprx; C:\Program Files\Kaspersky Lab\Kaspersky Security Center\klactprx.exe [181016 2013-11-19] (Kaspersky Lab ZAO)
R2 kladminserver; C:\Program Files\Kaspersky Lab\Kaspersky Security Center\klserver.exe [95520 2013-11-19] (Kaspersky Lab ZAO)
R2 klnagent; C:\Program Files\Kaspersky Lab\Kaspersky Security Center\klnagent.exe [132600 2013-11-19] (Kaspersky Lab ZAO)
R2 klwebsrv; C:\Program Files\Kaspersky Lab\Kaspersky Security Center\klcsweb.exe [199368 2013-11-19] (Kaspersky Lab ZAO)
R3 ksnproxy; C:\Program Files\Kaspersky Lab\Kaspersky Security Center\ksnproxy.exe [148568 2013-11-19] (Kaspersky Lab ZAO)
R2 MSSQL$KASPERSKY; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KASPERSKY\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 MSSQL$KAV_CS_ADMIN_KIT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KAV_CS_ADMIN_KIT\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Správce výběru OS; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] ()
S4 SQLAgent$KASPERSKY; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KASPERSKY\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
S4 SQLAgent$KAV_CS_ADMIN_KIT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.KAV_CS_ADMIN_KIT\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2009-05-21] (Aladdin Knowledge Systems) [File not signed]
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2013-09-05] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\WINDOWS\System32\DRIVERS\klfltdev.sys [26208 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [621664 2014-05-23] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [34648 2012-11-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [43864 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144224 2013-07-01] (Kaspersky Lab ZAO)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-02-03] (Atheros Communications, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [150568 2008-06-10] (Marvell Semiconductor, Inc.)
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [113608 2013-04-15] (Power Software Ltd)
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [43136 2003-11-30] (Prolific Technology Inc.) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32288 2009-05-20] (Acronis) [File not signed]
S3 FWL; \??\C:\Program files\Software602\602LAN SUITE\fwl.sys [X]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [78432 2014-05-23] (Kaspersky Lab ZAO)
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 14:45 - 2014-06-09 14:46 - 00014776 _____ () C:\Documents and Settings\antcerm\Plocha\FRST.txt
2014-06-09 14:45 - 2014-06-09 14:45 - 00029696 _____ () C:\Documents and Settings\antcerm\Local Settings\Data aplikací\MSGBOX.EXE
2014-06-09 14:45 - 2014-06-09 14:45 - 00000000 ____D () C:\FRST
2014-06-09 14:31 - 2014-06-09 14:31 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\antcerm\Plocha\FRSTLauncher.exe
2014-06-09 14:28 - 2014-06-09 14:29 - 01072128 _____ (Farbar) C:\Documents and Settings\antcerm\Plocha\FRST.exe
2014-06-07 02:00 - 2014-06-09 02:00 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\SC Backup
2014-06-06 16:54 - 2014-02-11 12:30 - 07033240 _____ (TeamViewer GmbH) C:\Documents and Settings\antcerm\Plocha\TeamViewer_Setup.exe
2014-06-06 16:30 - 2014-06-06 19:45 - 3922624512 ____R () C:\Documents and Settings\antcerm\Plocha\DRP_14.6.iso
2014-06-06 16:29 - 2014-06-09 14:15 - 00000000 ____D () C:\Documents and Settings\antcerm\Data aplikací\uTorrent
2014-06-06 16:29 - 2014-06-06 16:29 - 00000821 _____ () C:\Documents and Settings\antcerm\Nabídka Start\µTorrent.lnk
2014-06-06 15:56 - 2014-06-06 15:56 - 00000203 _____ () C:\Documents and Settings\All Users\Dokumenty\Update problem.bat
2014-06-06 14:48 - 2014-06-06 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\KAS
2014-06-05 13:48 - 2014-06-05 13:48 - 00002001 _____ () C:\Documents and Settings\antcerm\Plocha\Kaspersky Security Center.lnk
2014-06-04 15:27 - 2014-06-05 14:05 - 00000182 _____ () C:\Documents and Settings\All Users\Dokumenty\registr - listy.txt
2014-06-03 03:00 - 2014-06-03 03:00 - 00297786 _____ () C:\WINDOWS\msxml4-KB2758694-enu.LOG
2014-06-02 17:14 - 2014-06-09 02:01 - 00000000 ____D () C:\Documents and Settings\KlScSvc\Local Settings\Temp
2014-06-02 17:14 - 2014-06-09 02:00 - 00000178 ___SH () C:\Documents and Settings\KlScSvc\ntuser.ini
2014-06-02 17:14 - 2014-06-09 02:00 - 00000178 ___SH () C:\Documents and Settings\KL-AK-94EAB09EF1B841\ntuser.ini
2014-06-02 17:14 - 2014-06-05 14:52 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Local Settings\Temp
2014-06-02 17:14 - 2014-06-02 17:14 - 00000000 ____D () C:\Documents and Settings\KlScSvc
2014-06-02 17:14 - 2014-06-02 17:14 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841
2014-06-02 17:14 - 2013-09-18 03:02 - 00000000 ___HD () C:\Documents and Settings\KlScSvc\Local Settings\Data aplikací
2014-06-02 17:14 - 2013-09-18 03:02 - 00000000 ___HD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Local Settings\Data aplikací
2014-06-02 17:14 - 2013-09-18 03:02 - 00000000 ____D () C:\Documents and Settings\KlScSvc\Local Settings\Data aplikací\Microsoft Help
2014-06-02 17:14 - 2013-09-18 03:02 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Local Settings\Data aplikací\Microsoft Help
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 __RHD () C:\Documents and Settings\KlScSvc\Data aplikací
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 __RHD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Data aplikací
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___RD () C:\Documents and Settings\KlScSvc\Nabídka Start\Programy\Po spuštění
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___RD () C:\Documents and Settings\KlScSvc\Nabídka Start
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___RD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Nabídka Start\Programy\Po spuštění
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___RD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Nabídka Start
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___HD () C:\Documents and Settings\KlScSvc\Okolní tiskárny
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___HD () C:\Documents and Settings\KlScSvc\Okolní síť
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___HD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Okolní tiskárny
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ___HD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Okolní síť
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\KlScSvc\Plocha
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\KlScSvc\Oblíbené položky
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\KlScSvc\Dokumenty
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Plocha
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Oblíbené položky
2014-06-02 17:14 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Dokumenty
2014-06-02 17:14 - 2009-03-11 08:53 - 00001599 _____ () C:\Documents and Settings\KlScSvc\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-06-02 17:14 - 2009-03-11 08:53 - 00001599 _____ () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-06-02 17:14 - 2009-03-11 08:53 - 00000792 _____ () C:\Documents and Settings\KlScSvc\Nabídka Start\Programy\Windows Media Player.lnk
2014-06-02 17:14 - 2009-03-11 08:53 - 00000792 _____ () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Nabídka Start\Programy\Windows Media Player.lnk
2014-06-02 17:14 - 2009-03-11 08:53 - 00000000 ___RD () C:\Documents and Settings\KlScSvc\Nabídka Start\Programy\Příslušenství
2014-06-02 17:14 - 2009-03-11 08:53 - 00000000 ___RD () C:\Documents and Settings\KlScSvc\Nabídka Start\Programy
2014-06-02 17:14 - 2009-03-11 08:53 - 00000000 ___RD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Nabídka Start\Programy\Příslušenství
2014-06-02 17:14 - 2009-03-11 08:53 - 00000000 ___RD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Nabídka Start\Programy
2014-06-02 17:14 - 2009-03-11 08:50 - 00000000 ___HD () C:\Documents and Settings\KlScSvc\Šablony
2014-06-02 17:14 - 2009-03-11 08:50 - 00000000 ___HD () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Šablony
2014-06-02 17:12 - 2014-06-02 17:12 - 00000000 ____D () C:\Program Files\Common Files\Cisco Systems
2014-06-02 17:12 - 2014-06-02 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Kaspersky Security Center
2014-06-02 17:11 - 2014-06-02 17:11 - 00304516 _____ () C:\WINDOWS\msxml4-KB973685-enu.LOG
2014-06-02 17:10 - 2012-06-29 01:22 - 00082888 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$KAV_CS_ADMIN_KIT-sqlctr10.52.4000.0.dll
2014-06-02 17:10 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL10_50.KAV_CS_ADMIN_KIT-sqlagtctr.dll
2014-06-02 17:05 - 2012-06-29 01:22 - 00082888 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$KASPERSKY-sqlctr10.52.4000.0.dll
2014-06-02 17:05 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL10_50.KASPERSKY-sqlagtctr.dll
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\WINDOWS\system32\RsFx
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft SQL Server 2008
2014-06-02 16:58 - 2014-06-02 17:04 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft SQL Server 2008 R2
2014-06-02 16:44 - 2014-06-02 16:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-06-02 16:43 - 2014-06-02 16:53 - 00014377 _____ () C:\WINDOWS\KB942288-v3.log
2014-06-02 16:36 - 2014-06-02 16:36 - 00000000 ____D () C:\ksc 10.1
2014-06-02 16:36 - 2014-06-02 16:36 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\KSC 10.1
2014-06-02 16:15 - 2014-06-02 16:35 - 815695488 _____ (Kaspersky Lab) C:\Documents and Settings\antcerm\Plocha\ksc10.1.249.0cs.exe
2014-06-02 15:21 - 2014-06-03 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\zálohy Outlook
2014-05-29 15:01 - 2014-05-29 15:07 - 00000104 _____ () C:\Documents and Settings\antcerm\Plocha\DYMO.txt
2014-05-29 15:01 - 2014-05-29 15:01 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Můňa
2014-05-29 09:13 - 2014-05-29 10:26 - 00033280 ___SH () C:\Documents and Settings\All Users\Dokumenty\Thumbs.db
2014-05-28 15:36 - 2014-06-05 14:56 - 00000434 _____ () C:\Documents and Settings\antcerm\Plocha\Kaspersky + Office.txt
2014-05-27 13:16 - 2014-05-27 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\Powerkey - registr
2014-05-26 14:10 - 2014-05-26 14:10 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Mamka
2014-05-23 09:47 - 2014-05-23 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Kaspersky Endpoint Security 10 for Windows
2014-05-23 09:32 - 2014-05-23 09:32 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-05-23 08:54 - 2014-06-09 14:07 - 03342336 _____ () C:\WINDOWS\system32\config\Kaspersk.evt
2014-05-23 08:53 - 2014-06-09 14:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2014-05-23 08:53 - 2014-06-02 17:12 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-05-23 08:52 - 2014-05-23 08:52 - 00621664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-05-23 08:52 - 2014-05-23 08:52 - 00078432 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-05-23 08:42 - 2014-05-23 08:42 - 00000003 _____ () C:\Documents and Settings\antcerm\stut
2014-05-23 08:40 - 2014-06-02 16:55 - 00000789 _____ () C:\Documents and Settings\antcerm\rgut
2014-05-23 08:39 - 2014-05-23 08:42 - 00000000 ____D () C:\Documents and Settings\antcerm\Local Settings\Data aplikací\Avg2013
2014-05-23 08:37 - 2014-05-23 08:37 - 00000270 _____ () C:\Documents and Settings\antcerm\Plocha\Změna názvu PC.txt
2014-05-22 13:56 - 2014-05-29 10:28 - 00000210 _____ () C:\Documents and Settings\All Users\Dokumenty\programy paní Kolářová.txt
2014-05-21 22:26 - 2014-05-21 22:38 - 570570144 _____ (Microsoft Corporation) C:\Documents and Settings\antcerm\Plocha\MS Office 2010 Czech 32bit.exe
2014-05-20 15:16 - 2014-05-20 15:23 - 00000000 ____D () C:\Program Files\Bootable USB Windows ( XP Vista Win 7) Maker 2011
2014-05-20 15:16 - 2014-05-20 15:16 - 00000000 ____D () C:\WINDOWS\system32\bitstreams
2014-05-20 15:16 - 2014-03-05 23:19 - 00007670 ____S () C:\WINDOWS\system32\mncqaje.vbe
2014-05-20 15:16 - 2013-12-10 01:30 - 10236928 ____S () C:\WINDOWS\system32\acumncqaje.exe
2014-05-20 15:16 - 2013-10-26 21:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\libeay32.dll
2014-05-20 15:16 - 2013-10-26 21:30 - 00972814 ____S () C:\WINDOWS\system32\dcgmncqaje.exe
2014-05-20 15:16 - 2013-10-26 21:30 - 00538126 ____S () C:\WINDOWS\system32\libcurl-4.dll
2014-05-20 15:16 - 2013-10-26 21:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\ssleay32.dll
2014-05-20 15:16 - 2013-10-26 21:30 - 00192512 ____S () C:\WINDOWS\system32\libidn-11.dll
2014-05-20 15:16 - 2013-10-26 21:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\WINDOWS\system32\libssh2.dll
2014-05-20 15:16 - 2013-10-26 21:30 - 00133632 ____S () C:\WINDOWS\system32\librtmp.dll
2014-05-20 15:16 - 2013-10-26 21:30 - 00044727 ____S () C:\WINDOWS\system32\diablo130302.cl
2014-05-20 15:16 - 2013-10-26 21:30 - 00043810 ____S () C:\WINDOWS\system32\poclbm130302.cl
2014-05-20 15:16 - 2013-10-26 21:30 - 00030802 ____S () C:\WINDOWS\system32\diakgcn121016.cl
2014-05-20 15:16 - 2013-10-26 21:30 - 00023825 ____S () C:\WINDOWS\system32\scrypt130511.cl
2014-05-20 15:16 - 2013-10-26 21:30 - 00013062 ____S () C:\WINDOWS\system32\phatk121016.cl
2014-05-20 15:16 - 2013-07-18 17:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncqaje.exe
2014-05-20 15:16 - 2013-06-12 16:15 - 00119888 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadGC2.dll
2014-05-20 15:16 - 2013-06-12 16:15 - 00100864 ____S () C:\WINDOWS\system32\zlib1.dll
2014-05-20 15:16 - 2012-09-26 00:46 - 00472424 ____S (NVIDIA Corporation) C:\WINDOWS\system32\cudart32_50_35.dll
2014-05-20 15:16 - 2012-05-27 02:36 - 00055808 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadVC2.dll
2014-05-19 15:19 - 2014-05-19 15:27 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Záloha notebook ERIKA
2014-05-15 15:34 - 2014-06-06 16:02 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\ISO's
2014-05-15 08:15 - 2014-05-15 08:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 08:12 - 2014-05-15 08:17 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\KA Select - licence+klíče
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Documents and Settings\antcerm\Data aplikací\HP
2014-05-14 13:23 - 2014-05-14 13:25 - 00000000 ____D () C:\hp_CLJ_1600_Full_Solution
2014-05-12 14:54 - 2014-05-12 14:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-09 14:47 - 2013-12-19 08:37 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-823518204-682003330-1005UA.job
2014-06-09 14:47 - 2009-03-11 09:43 - 00000000 ____D () C:\Documents and Settings\antcerm\Local Settings\Temp
2014-06-09 14:46 - 2014-06-09 14:45 - 00014776 _____ () C:\Documents and Settings\antcerm\Plocha\FRST.txt
2014-06-09 14:46 - 2014-05-23 08:53 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2014-06-09 14:45 - 2014-06-09 14:45 - 00029696 _____ () C:\Documents and Settings\antcerm\Local Settings\Data aplikací\MSGBOX.EXE
2014-06-09 14:45 - 2014-06-09 14:45 - 00000000 ____D () C:\FRST
2014-06-09 14:45 - 2009-03-11 09:43 - 00000000 ___HD () C:\Documents and Settings\antcerm\Local Settings\Data aplikací
2014-06-09 14:45 - 2009-03-11 09:43 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha
2014-06-09 14:31 - 2014-06-09 14:31 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\antcerm\Plocha\FRSTLauncher.exe
2014-06-09 14:29 - 2014-06-09 14:28 - 01072128 _____ (Farbar) C:\Documents and Settings\antcerm\Plocha\FRST.exe
2014-06-09 14:28 - 2012-05-02 14:09 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-09 14:15 - 2014-06-06 16:29 - 00000000 ____D () C:\Documents and Settings\antcerm\Data aplikací\uTorrent
2014-06-09 14:07 - 2014-05-23 08:54 - 03342336 _____ () C:\WINDOWS\system32\config\Kaspersk.evt
2014-06-09 10:55 - 2009-03-11 08:52 - 01843396 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-09 09:28 - 2009-03-11 09:00 - 00032312 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-09 07:47 - 2013-12-19 08:37 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-823518204-682003330-1005Core.job
2014-06-09 02:01 - 2014-06-02 17:14 - 00000000 ____D () C:\Documents and Settings\KlScSvc\Local Settings\Temp
2014-06-09 02:00 - 2014-06-07 02:00 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\SC Backup
2014-06-09 02:00 - 2014-06-02 17:14 - 00000178 ___SH () C:\Documents and Settings\KlScSvc\ntuser.ini
2014-06-09 02:00 - 2014-06-02 17:14 - 00000178 ___SH () C:\Documents and Settings\KL-AK-94EAB09EF1B841\ntuser.ini
2014-06-08 21:00 - 2013-12-19 11:50 - 00069624 _____ () C:\Documents and Settings\antcerm\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-06-08 15:00 - 2014-03-12 09:00 - 00000220 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-06-07 00:10 - 2009-11-07 14:11 - 00000568 _____ () C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
2014-06-06 19:45 - 2014-06-06 16:30 - 3922624512 ____R () C:\Documents and Settings\antcerm\Plocha\DRP_14.6.iso
2014-06-06 16:29 - 2014-06-06 16:29 - 00000821 _____ () C:\Documents and Settings\antcerm\Nabídka Start\µTorrent.lnk
2014-06-06 16:29 - 2013-09-20 14:23 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Programy
2014-06-06 16:29 - 2009-03-11 09:43 - 00000000 __RHD () C:\Documents and Settings\antcerm\Data aplikací
2014-06-06 16:29 - 2009-03-11 09:43 - 00000000 ___RD () C:\Documents and Settings\antcerm\Nabídka Start
2014-06-06 16:02 - 2014-05-15 15:34 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\ISO's
2014-06-06 15:57 - 2013-10-10 10:29 - 00000436 _____ () C:\Documents and Settings\antcerm\Plocha\Sdílené dokumenty.lnk
2014-06-06 15:56 - 2014-06-06 15:56 - 00000203 _____ () C:\Documents and Settings\All Users\Dokumenty\Update problem.bat
2014-06-06 15:56 - 2009-03-11 16:33 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-06-06 15:42 - 2013-09-24 12:30 - 00003857 _____ () C:\WINDOWS\WINCMD.INI
2014-06-06 14:49 - 2014-06-06 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\KAS
2014-06-06 14:31 - 2009-03-11 16:33 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-06-06 14:31 - 2009-03-11 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-06-05 14:56 - 2014-05-28 15:36 - 00000434 _____ () C:\Documents and Settings\antcerm\Plocha\Kaspersky + Office.txt
2014-06-05 14:52 - 2014-06-02 17:14 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841\Local Settings\Temp
2014-06-05 14:05 - 2014-06-04 15:27 - 00000182 _____ () C:\Documents and Settings\All Users\Dokumenty\registr - listy.txt
2014-06-05 13:53 - 2013-12-20 10:15 - 00206014 _____ () C:\WINDOWS\setupapi.log
2014-06-05 13:48 - 2014-06-05 13:48 - 00002001 _____ () C:\Documents and Settings\antcerm\Plocha\Kaspersky Security Center.lnk
2014-06-03 16:17 - 2014-06-02 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\zálohy Outlook
2014-06-03 09:34 - 2013-12-30 21:53 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-03 03:00 - 2014-06-03 03:00 - 00297786 _____ () C:\WINDOWS\msxml4-KB2758694-enu.LOG
2014-06-02 17:28 - 2009-11-06 09:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-06-02 17:14 - 2014-06-02 17:14 - 00000000 ____D () C:\Documents and Settings\KlScSvc
2014-06-02 17:14 - 2014-06-02 17:14 - 00000000 ____D () C:\Documents and Settings\KL-AK-94EAB09EF1B841
2014-06-02 17:12 - 2014-06-02 17:12 - 00000000 ____D () C:\Program Files\Common Files\Cisco Systems
2014-06-02 17:12 - 2014-06-02 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Kaspersky Security Center
2014-06-02 17:12 - 2014-05-23 08:53 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-02 17:11 - 2014-06-02 17:11 - 00304516 _____ () C:\WINDOWS\msxml4-KB973685-enu.LOG
2014-06-02 17:11 - 2010-02-13 11:23 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-06-02 17:10 - 2013-11-12 10:47 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-06-02 17:10 - 2009-03-11 16:33 - 01562738 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-02 17:07 - 2014-04-09 12:26 - 00000000 ____D () C:\Documents and Settings\antcerm\Local Settings\Data aplikací\Microsoft_Corporation
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\WINDOWS\system32\RsFx
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft SQL Server 2008
2014-06-02 17:04 - 2014-06-02 16:58 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft SQL Server 2008 R2
2014-06-02 17:04 - 2013-08-27 17:35 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-02 17:04 - 2009-03-11 16:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-02 17:03 - 2009-03-11 16:24 - 00000000 ____D () C:\WINDOWS\system32\1033
2014-06-02 16:55 - 2014-05-23 08:40 - 00000789 _____ () C:\Documents and Settings\antcerm\rgut
2014-06-02 16:54 - 2014-03-12 09:00 - 00000226 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-06-02 16:54 - 2009-03-11 16:36 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-06-02 16:54 - 2009-03-11 16:36 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-06-02 16:54 - 2009-03-11 16:24 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-06-02 16:54 - 2009-03-11 09:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-02 16:54 - 2008-04-14 14:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-02 16:53 - 2014-06-02 16:43 - 00014377 _____ () C:\WINDOWS\KB942288-v3.log
2014-06-02 16:53 - 2009-03-11 09:43 - 00000272 ___SH () C:\Documents and Settings\antcerm\ntuser.ini
2014-06-02 16:44 - 2014-06-02 16:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-06-02 16:44 - 2014-01-16 04:01 - 00085208 _____ () C:\WINDOWS\iis6.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00080480 _____ () C:\WINDOWS\FaxSetup.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00038428 _____ () C:\WINDOWS\ocgen.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00036673 _____ () C:\WINDOWS\tsoc.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00026478 _____ () C:\WINDOWS\comsetup.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00024578 _____ () C:\WINDOWS\msmqinst.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00016049 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00014079 _____ () C:\WINDOWS\netfxocm.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00005525 _____ () C:\WINDOWS\MedCtrOC.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00005018 _____ () C:\WINDOWS\ocmsn.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00004043 _____ () C:\WINDOWS\tabletoc.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00004017 _____ () C:\WINDOWS\msgsocm.log
2014-06-02 16:44 - 2014-01-16 04:01 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-06-02 16:44 - 2009-03-11 16:24 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-06-02 16:44 - 2009-03-11 09:43 - 00000000 ____D () C:\Documents and Settings\antcerm
2014-06-02 16:36 - 2014-06-02 16:36 - 00000000 ____D () C:\ksc 10.1
2014-06-02 16:36 - 2014-06-02 16:36 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\KSC 10.1
2014-06-02 16:35 - 2014-06-02 16:15 - 815695488 _____ (Kaspersky Lab) C:\Documents and Settings\antcerm\Plocha\ksc10.1.249.0cs.exe
2014-05-29 15:07 - 2014-05-29 15:01 - 00000104 _____ () C:\Documents and Settings\antcerm\Plocha\DYMO.txt
2014-05-29 15:01 - 2014-05-29 15:01 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Můňa
2014-05-29 10:28 - 2014-05-22 13:56 - 00000210 _____ () C:\Documents and Settings\All Users\Dokumenty\programy paní Kolářová.txt
2014-05-29 10:26 - 2014-05-29 09:13 - 00033280 ___SH () C:\Documents and Settings\All Users\Dokumenty\Thumbs.db
2014-05-27 13:27 - 2014-05-27 13:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\Powerkey - registr
2014-05-26 15:02 - 2009-03-11 09:43 - 00000000 ___HD () C:\Documents and Settings\antcerm\Okolní síť
2014-05-26 14:10 - 2014-05-26 14:10 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Mamka
2014-05-23 18:01 - 2014-02-26 10:15 - 00002433 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2014-05-23 18:01 - 2014-02-26 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-05-23 18:01 - 2014-02-26 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-05-23 09:47 - 2014-05-23 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Kaspersky Endpoint Security 10 for Windows
2014-05-23 09:32 - 2014-05-23 09:32 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-05-23 08:53 - 2009-03-11 16:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-05-23 08:52 - 2014-05-23 08:52 - 00621664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-05-23 08:52 - 2014-05-23 08:52 - 00078432 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-05-23 08:42 - 2014-05-23 08:42 - 00000003 _____ () C:\Documents and Settings\antcerm\stut
2014-05-23 08:42 - 2014-05-23 08:39 - 00000000 ____D () C:\Documents and Settings\antcerm\Local Settings\Data aplikací\Avg2013
2014-05-23 08:42 - 2012-03-28 06:41 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-05-23 08:42 - 2009-05-20 07:50 - 00000000 ____D () C:\Program Files\AVG
2014-05-23 08:40 - 2012-05-02 14:09 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-23 08:40 - 2011-05-23 06:51 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-23 08:39 - 2013-12-17 11:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-23 08:37 - 2014-05-23 08:37 - 00000270 _____ () C:\Documents and Settings\antcerm\Plocha\Změna názvu PC.txt
2014-05-22 16:22 - 2014-03-22 15:28 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\Programy
2014-05-22 16:19 - 2014-04-09 11:57 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\UPGRADE OS + OFFICE
2014-05-21 22:38 - 2014-05-21 22:26 - 570570144 _____ (Microsoft Corporation) C:\Documents and Settings\antcerm\Plocha\MS Office 2010 Czech 32bit.exe
2014-05-20 15:23 - 2014-05-20 15:16 - 00000000 ____D () C:\Program Files\Bootable USB Windows ( XP Vista Win 7) Maker 2011
2014-05-20 15:23 - 2009-03-11 09:43 - 00000000 ___RD () C:\Documents and Settings\antcerm\Nabídka Start\Programy
2014-05-20 15:16 - 2014-05-20 15:16 - 00000000 ____D () C:\WINDOWS\system32\bitstreams
2014-05-19 15:27 - 2014-05-19 15:19 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\Záloha notebook ERIKA
2014-05-15 08:17 - 2014-05-15 08:12 - 00000000 ____D () C:\Documents and Settings\antcerm\Plocha\KA Select - licence+klíče
2014-05-15 08:17 - 2013-08-27 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-05-15 08:16 - 2013-08-14 10:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-15 08:15 - 2014-05-15 08:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 08:15 - 2009-05-20 07:24 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 14:43 - 2014-03-11 10:38 - 00000000 ____D () C:\Documents and Settings\antcerm\Dokumenty\Ašské služby
2014-05-14 14:17 - 2013-08-27 15:29 - 00002347 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2014-05-14 13:25 - 2014-05-14 13:23 - 00000000 ____D () C:\hp_CLJ_1600_Full_Solution
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Documents and Settings\antcerm\Data aplikací\HP
2014-05-14 13:24 - 2014-02-25 10:18 - 00000000 ____D () C:\Program Files\HP
2014-05-12 16:45 - 2014-01-08 11:02 - 00000000 ____D () C:\Documents and Settings\antcerm\Dokumenty\Ivan
2014-05-12 16:45 - 2009-03-11 09:43 - 00000000 ___RD () C:\Documents and Settings\antcerm\Dokumenty
2014-05-12 14:54 - 2014-05-12 14:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 14:50 - 2014-02-11 09:12 - 00000000 ____D () C:\Documents and Settings\antcerm\Dokumenty\PC
2014-05-12 14:38 - 2014-02-10 10:12 - 00012156 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-05-12 14:38 - 2014-01-16 04:01 - 00004100 _____ () C:\WINDOWS\setupact.log
2014-05-12 11:38 - 2009-05-21 10:01 - 00000000 ____D () C:\Program Files\Aladdin
2014-05-12 11:38 - 2009-05-21 10:01 - 00000000 ____D () C:\Documents and Settings\antcerm\Nabídka Start\Programy\Aladdin

Some content of TEMP:
====================
C:\Documents and Settings\antcerm\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\antcerm\Local Settings\Temp\ca_AC8.tmp.dll
C:\Documents and Settings\antcerm\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\antcerm\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\antcerm\Local Settings\Temp\nsf10C.tmp.exe
C:\Documents and Settings\antcerm\Local Settings\Temp\PIPInstaller_PTV_.exe
C:\Documents and Settings\antcerm\Local Settings\Temp\safeguard.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Attachments
Addition.zip
(7.56 KiB) Downloaded 67 times
Last edited by sorcer on 09 Jun 2014 14:29, edited 2 times in total.

JaRon
Moderator
Posts: 15671
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Request for a check

#2 Post by JaRon »

Hi
Creating a fixlist for FRST

• Open Notepad (Start - Run - notepad)
• Copy the script below

Code:

Start
HKLM\...\Run: [MSStp] => C:\WINDOWS\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mncqajeSrv] => C:\WINDOWS\system32\mncqaje.vbe [7670 2014-03-05] ()

Hosts:
CMD: shutdown /r /f /t 2
End
• Save the resulting TXT file as fixlist.txt
• Move the fixlist you created next to FRST

Run FRST.exe again

• Click Fix
• The fix will run and create the log Fixlog.txt

Restart the PC and post fixlog.txt here for me
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Request for a check

#3 Post by sorcer »

Thank you. I added some more info to the first post. It is apparently a hidden Bitcoin miner....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 01
Ran by antcerm at 2014-06-09 15:21:21 Run:2
Running from C:\Documents and Settings\antcerm\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [MSStp] => C:\WINDOWS\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mncqajeSrv] => C:\WINDOWS\system32\mncqaje.vbe [7670 2014-03-05] ()

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSStp => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mncqajeSrv => Value not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

JaRon
Moderator
Posts: 15671
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Request for a check

#4 Post by JaRon »

repeat the procedure - another script:

Code:

Start
2014-05-20 15:16 - 2014-03-05 23:19 - 00007670 ____S () C:\WINDOWS\system32\mncqaje.vbe
2014-05-20 15:16 - 2013-12-10 01:30 - 10236928 ____S () C:\WINDOWS\system32\acumncqaje.exe
2014-05-20 15:16 - 2013-10-26 21:30 - 00972814 ____S () C:\WINDOWS\system32\dcgmncqaje.exe
2014-05-20 15:16 - 2013-07-18 17:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncqaje.exe



Hosts:
CMD: shutdown /r /f /t 2
End





sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Request for a check

#5 Post by sorcer »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 01
Ran by antcerm at 2014-06-09 21:08:45 Run:3
Running from C:\Documents and Settings\antcerm\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
2014-05-20 15:16 - 2014-03-05 23:19 - 00007670 ____S () C:\WINDOWS\system32\mncqaje.vbe
2014-05-20 15:16 - 2013-12-10 01:30 - 10236928 ____S () C:\WINDOWS\system32\acumncqaje.exe
2014-05-20 15:16 - 2013-10-26 21:30 - 00972814 ____S () C:\WINDOWS\system32\dcgmncqaje.exe
2014-05-20 15:16 - 2013-07-18 17:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncqaje.exe



Hosts:
CMD: shutdown /r /f /t 2
End
*****************

C:\WINDOWS\system32\mncqaje.vbe => Moved successfully.
C:\WINDOWS\system32\acumncqaje.exe => Moved successfully.
C:\WINDOWS\system32\dcgmncqaje.exe => Moved successfully.
C:\WINDOWS\system32\lcpmncqaje.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====
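
A triage check built on the second fixlist and its Fixlog, added here as an example that is not part of the thread and not FRST's own logic. It flags runnable files directly in system32 that carry the system attribute and no company name, groups them by their first timestamp, and confirms against the Fixlog that each was moved; the heuristic and the extension set are assumptions generalized from the four entries the moderator selected, and the sample lines are copied from the logs above.

```python
import ntpath
import re
from collections import defaultdict
from os.path import commonprefix

# FRST file-listing line: timestamp - timestamp - size attributes (company) path
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
                   r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$", re.M)
RUNNABLE = {".exe", ".dll", ".vbe", ".vbs", ".bat", ".scr"}  # assumed extension set

# Copied from the logs in this thread: the four fixlist entries and two other entries.
LISTING = r"""
2014-05-20 15:16 - 2014-03-05 23:19 - 00007670 ____S () C:\WINDOWS\system32\mncqaje.vbe
2014-05-20 15:16 - 2013-12-10 01:30 - 10236928 ____S () C:\WINDOWS\system32\acumncqaje.exe
2014-05-20 15:16 - 2013-10-26 21:30 - 00972814 ____S () C:\WINDOWS\system32\dcgmncqaje.exe
2014-05-20 15:16 - 2013-07-18 17:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncqaje.exe
2014-05-20 15:16 - 2014-05-20 15:16 - 00000000 ____D () C:\WINDOWS\system32\bitstreams
2014-05-23 08:40 - 2012-05-02 14:09 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
"""

# Result lines copied from the Fixlog of run 3 in this thread.
FIXLOG = r"""
C:\WINDOWS\system32\mncqaje.vbe => Moved successfully.
C:\WINDOWS\system32\acumncqaje.exe => Moved successfully.
C:\WINDOWS\system32\dcgmncqaje.exe => Moved successfully.
C:\WINDOWS\system32\lcpmncqaje.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
"""

def suspicious_clusters(listing, min_size=2):
    """Group system-flagged runnable files without a company name that sit directly
    in system32 by first timestamp: {timestamp: (shared name suffix, [paths])}."""
    groups = defaultdict(list)
    for m in ENTRY.finditer(listing):
        ts, attrs, company, path = m.group(1, 4, 5, 6)
        in_sys32 = ntpath.dirname(path).lower() == r"c:\windows\system32"
        ext = ntpath.splitext(path)[1].lower()
        if in_sys32 and "S" in attrs and "D" not in attrs and not company and ext in RUNNABLE:
            groups[ts].append(path)
    out = {}
    for ts, paths in groups.items():
        if len(paths) >= min_size:
            # Longest common suffix of the file stems, via commonprefix on reversed names
            stems = [ntpath.splitext(ntpath.basename(p))[0].lower()[::-1] for p in paths]
            out[ts] = (commonprefix(stems)[::-1], paths)
    return out

def not_removed(paths, fixlog):
    """Return the paths the Fixlog does not report as 'Moved successfully.'"""
    moved = set()
    for line in fixlog.splitlines():
        target, sep, result = line.partition(" => ")
        if sep and result.strip() == "Moved successfully.":
            moved.add(target.strip().strip('"').lower())
    return [p for p in paths if p.lower() not in moved]

if __name__ == "__main__":
    for ts, (suffix, paths) in suspicious_clusters(LISTING).items():
        print(ts, suffix, "still present:", not_removed(paths, FIXLOG))
```

The directory created in the same minute and the vendor-labelled executable are both left out of the cluster, so only the four entries sharing the `mncqaje` suffix are reported.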

JaRon
Moderator
Posts: 15671
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Request for a check

#6 Post by JaRon »

fine, clean the PC with CCleaner
restart - and write whether there are any problems?

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Request for a check

#7 Post by sorcer »

Everything is fine now, thank you very much.

Do you have any idea how the PC could have been infected?

JaRon
Moderator
Posts: 15671
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Request for a check

#8 Post by JaRon »

you're welcome :)
probably picked up on some infected website...

Locked