ako odstrániť virut

Zpráva

milkasv · #1 Příspěvek od **milkasv** » 31 říj 2009 09:48

eset hlási stále 31. 10. 2009 5:34:41 Rezidentná ochrana súbor E:\System Volume Information\_restore{94753B3E-124E-4AE4-8A94-B8EA3B03CF9B}\RP22\A0010270.exe Win32/Virut.NBP vírus vyliečený - uložený do karantény NT AUTHORITY\SYSTEM Táto skutočnosť bola zistená pri pokuse o prístup k súboru aplikáciou: C:\WINDOWS\System32\svchost.exe. alebo 31. 10. 2009 6:22:41 Rezidentná ochrana súbor E:\System Volume Information\_restore{94753B3E-124E-4AE4-8A94-B8EA3B03CF9B}\RP22\A0010296.exe variant infiltrácie Win32/Injector.TM trójsky kôň vyliečený zmazaním - uložený do karantény NT AUTHORITY\SYSTEM Táto skutočnosť bola zistená na súbore, ktorý bol modifikovaný aplikáciou: C:\WINDOWS\System32\svchost.exe. mám tri disky c, e, f.
tu je log. ako to odstrániť. zatiaľ ďakujem. miky.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jožko at 2009-10-31 09:44:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 667 GB (93%) free of 715 GB
Total RAM: 3327 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:12, on 31. 10. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\instal\RSIT.exe
C:\Program Files\trend micro\Jožko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE8D5548-E360-4227-8DC3-F70A3121639B}: NameServer = 217.119.117.28,217.119.113.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB40884-47D3-4360-ADC3-25649E47705B}: NameServer = 217.119.117.28,217.119.113.244
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6411 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTogg.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTogg.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-08 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-08 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-25 149280]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"NPSStartup"= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-08-03 102400]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=55924053

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-31 08:57:20 ----D---- C:\WINDOWS\Minidump
2009-10-31 08:52:55 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-31 08:51:43 ----A---- C:\Boot.bak
2009-10-31 08:51:40 ----RASHD---- C:\cmdcons
2009-10-31 08:50:26 ----A---- C:\WINDOWS\zip.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\SWSC.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\SWREG.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\sed.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\PEV.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\MBR.exe
2009-10-31 08:50:26 ----A---- C:\WINDOWS\grep.exe
2009-10-31 08:50:21 ----D---- C:\WINDOWS\ERDNT
2009-10-31 08:50:20 ----SD---- C:\ComboFix
2009-10-31 08:49:56 ----D---- C:\Qoobox
2009-10-30 11:47:02 ----SHD---- C:\WINDOWS\ftpcache
2009-10-30 11:46:54 ----A---- C:\WINDOWS\game.ini
2009-10-30 11:40:21 ----D---- C:\Program Files\Activision
2009-10-30 11:02:41 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-10-30 11:02:29 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-10-30 11:00:42 ----D---- C:\Documents and Settings\Jožko\Data aplikací\ArcSoft
2009-10-30 11:00:23 ----D---- C:\Program Files\Common Files\ArcSoft
2009-10-30 11:00:07 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-10-30 11:00:04 ----D---- C:\Program Files\ArcSoft
2009-10-30 10:57:53 ----D---- C:\WINDOWS\PixArt
2009-10-30 10:57:52 ----D---- C:\Program Files\Trust
2009-10-30 10:57:52 ----D---- C:\Program Files\Common Files\PCCamera
2009-10-30 10:29:22 ----D---- C:\Documents and Settings\Jožko\Data aplikací\skypePM
2009-10-30 10:27:30 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Skype
2009-10-30 10:26:33 ----D---- C:\Program Files\Common Files\Skype
2009-10-30 10:26:30 ----RD---- C:\Program Files\Skype
2009-10-30 10:26:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-10-29 09:34:20 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2009-10-29 09:33:22 ----D---- C:\Program Files\MarkAny
2009-10-29 09:17:08 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-10-29 08:34:57 ----D---- C:\Program Files\trend micro
2009-10-29 08:34:55 ----D---- C:\rsit
2009-10-28 10:45:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-28 10:45:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-10-28 10:01:44 ----D---- C:\Program Files\Panda Security
2009-10-28 09:31:01 ----D---- C:\WINDOWS\Sun
2009-10-27 21:59:32 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-27 10:14:01 ----D---- C:\Program Files\DVDFab 6
2009-10-27 09:22:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2009-10-27 09:04:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\vsosdk
2009-10-27 05:13:26 ----D---- C:\Downloads
2009-10-27 00:42:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-27 00:31:01 ----A---- C:\Documents and Settings\Jožko\Data aplikací\inst.exe
2009-10-27 00:31:00 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Vso
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\Pncrt.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-10-27 00:30:44 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-10-27 00:30:41 ----D---- C:\Program Files\VSO
2009-10-26 19:19:19 ----D---- C:\Documents and Settings\Jožko\Data aplikací\PC Suite
2009-10-26 19:19:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2009-10-26 19:12:51 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-10-26 19:12:25 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-10-26 19:12:24 ----D---- C:\Program Files\DIFX
2009-10-26 19:12:21 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe
2009-10-26 19:12:21 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll
2009-10-26 19:12:14 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Samsung
2009-10-26 19:12:02 ----D---- C:\Program Files\PC Connectivity Solution
2009-10-26 19:11:41 ----D---- C:\Program Files\Samsung
2009-10-26 18:34:45 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Nero
2009-10-26 18:34:33 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-10-26 18:32:56 ----D---- C:\Program Files\Nero
2009-10-26 18:32:56 ----D---- C:\Program Files\Common Files\Nero
2009-10-26 18:32:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2009-10-26 18:31:57 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-26 18:31:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-26 18:31:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-26 18:05:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2009-10-26 17:56:29 ----D---- C:\Program Files\Adobe Media Player
2009-10-26 17:54:49 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-26 17:53:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-10-26 17:46:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-26 17:46:02 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-10-26 17:45:06 ----D---- C:\Program Files\Common Files\Adobe
2009-10-26 17:34:39 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Canon
2009-10-26 17:32:25 ----A---- C:\WINDOWS\MAXLINK.INI
2009-10-26 17:32:24 ----D---- C:\Documents and Settings\Jožko\Data aplikací\ScanSoft
2009-10-26 17:32:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2009-10-26 17:32:18 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-10-26 17:32:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
2009-10-26 17:31:57 ----D---- C:\Program Files\ScanSoft
2009-10-26 17:29:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2009-10-26 17:27:00 ----D---- C:\Program Files\Common Files\CANON
2009-10-26 17:23:40 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2009-10-26 17:23:33 ----A---- C:\WINDOWS\system32\CNMLM93.DLL
2009-10-26 17:23:29 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-10-26 17:23:21 ----A---- C:\WINDOWS\system32\CNC610O.DLL
2009-10-26 17:23:21 ----A---- C:\WINDOWS\system32\CNC610L.DLL
2009-10-26 17:23:20 ----A---- C:\WINDOWS\system32\CNC610I.DLL
2009-10-26 17:23:20 ----A---- C:\WINDOWS\system32\CNC610C.DLL
2009-10-26 17:23:07 ----HD---- C:\Program Files\CanonBJ
2009-10-26 17:22:11 ----D---- C:\Program Files\Canon
2009-10-26 14:59:49 ----D---- C:\Documents and Settings\Jožko\Data aplikací\SPORE
2009-10-26 14:59:01 ----RHD---- C:\Documents and Settings\Jožko\Data aplikací\SecuROM
2009-10-26 14:59:01 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-10-26 14:58:43 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-10-26 14:18:54 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Macromedia
2009-10-26 14:18:54 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Adobe
2009-10-26 12:59:07 ----D---- C:\Documents and Settings\Jožko\Data aplikací\WinRAR
2009-10-25 16:09:05 ----D---- C:\Documents and Settings\Jožko\Data aplikací\LimeWire
2009-10-25 16:08:39 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-25 16:08:39 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-25 16:08:39 ----A---- C:\WINDOWS\system32\java.exe
2009-10-25 16:08:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-25 16:08:30 ----D---- C:\Program Files\Java
2009-10-25 15:53:09 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Sun
2009-10-25 14:21:57 ----D---- C:\WINDOWS\system32\AGEIA
2009-10-25 14:21:57 ----D---- C:\Program Files\AGEIA Technologies
2009-10-25 14:21:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-25 14:19:09 ----A---- C:\WINDOWS\CD-Start.INI
2009-10-25 14:01:09 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-10-25 14:01:08 ----D---- C:\Program Files\Microsoft WSE
2009-10-25 13:59:03 ----RSD---- C:\WINDOWS\assembly
2009-10-25 13:58:43 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-25 13:58:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-10-25 13:58:24 ----D---- C:\WINDOWS\Logs
2009-10-25 13:55:45 ----D---- C:\Program Files\Electronic Arts
2009-10-25 13:53:42 ----D---- C:\Program Files\D-Tools
2009-10-25 13:53:33 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-25 13:48:16 ----D---- C:\Program Files\Conduit
2009-10-25 13:48:15 ----D---- C:\Program Files\ToggleEN
2009-10-25 13:47:24 ----D---- C:\Program Files\WinRAR
2009-10-25 13:37:10 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Mozilla
2009-10-25 13:36:55 ----D---- C:\Program Files\Mozilla Firefox
2009-10-25 12:58:44 ----A---- C:\WINDOWS\system32\h323log.txt
2009-10-25 12:53:24 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-25 12:52:11 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-25 12:51:03 ----A---- C:\WINDOWS\imsins.BAK
2009-10-25 12:51:01 ----SHD---- C:\WINDOWS\Installer
2009-10-25 12:51:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 12:51:00 ----D---- C:\Program Files\Common Files\ODBC
2009-10-25 12:51:00 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-25 12:50:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-10-25 12:50:56 ----RD---- C:\Program Files
2009-10-25 12:50:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-25 12:50:56 ----D---- C:\Program Files\Common Files
2009-10-25 12:50:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-10-25 12:50:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-10-25 12:50:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-10-25 12:50:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-10-25 12:50:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-10-25 12:50:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-10-25 12:50:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-10-25 12:50:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-10-25 12:50:49 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-10-25 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-10-25 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-10-25 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-10-25 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-10-25 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-10-25 12:50:47 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-10-25 12:50:46 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-10-25 12:50:45 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-10-25 12:50:45 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-10-25 12:50:44 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-10-25 12:50:44 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-10-25 12:50:44 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-10-25 12:50:40 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-10-25 12:50:39 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-25 12:50:39 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-10-25 12:50:38 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-25 12:50:38 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-10-25 12:50:38 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-10-25 12:50:36 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-10-25 12:50:35 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-10-25 12:50:35 ----A---- C:\WINDOWS\system32\batt.dll
2009-10-25 12:50:34 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-10-25 12:50:33 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-25 12:50:26 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-10-25 12:50:21 ----RA---- C:\WINDOWS\SET8.tmp
2009-10-25 12:50:18 ----RA---- C:\WINDOWS\SET4.tmp
2009-10-25 12:50:17 ----RA---- C:\WINDOWS\SET3.tmp
2009-10-25 12:50:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 12:50:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-25 12:50:07 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-10-25 12:49:10 ----A---- C:\WINDOWS\setuplog.txt
2009-10-25 12:49:07 ----SHD---- C:\System Volume Information
2009-10-25 12:49:07 ----D---- C:\Documents and Settings
2009-10-25 12:48:06 ----RASH---- C:\boot.ini
2009-10-25 12:42:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-25 12:42:40 ----RSD---- C:\WINDOWS\Fonts
2009-10-25 12:42:40 ----RD---- C:\WINDOWS\Web
2009-10-25 12:42:40 ----HD---- C:\WINDOWS\inf
2009-10-25 12:42:40 ----D---- C:\WINDOWS\WinSxS
2009-10-25 12:42:40 ----D---- C:\WINDOWS\twain_32
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Temp
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\wins
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\wbem
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\usmt
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\spool
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\ShellExt
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\Setup
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\ras
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\oobe
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\npp
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\mui
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\IME
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\icsxml
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\ias
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\export
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\drivers
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\dhcp
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\config
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\3com_dmi
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\3076
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\2052
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1054
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1042
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1041
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1037
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1033
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1031
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1029
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1028
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32\1025
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system32
2009-10-25 12:42:40 ----D---- C:\WINDOWS\system
2009-10-25 12:42:40 ----D---- C:\WINDOWS\security
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Resources
2009-10-25 12:42:40 ----D---- C:\WINDOWS\repair
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Provisioning
2009-10-25 12:42:40 ----D---- C:\WINDOWS\pchealth
2009-10-25 12:42:40 ----D---- C:\WINDOWS\PeerNet
2009-10-25 12:42:40 ----D---- C:\WINDOWS\mui
2009-10-25 12:42:40 ----D---- C:\WINDOWS\msapps
2009-10-25 12:42:40 ----D---- C:\WINDOWS\msagent
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Media
2009-10-25 12:42:40 ----D---- C:\WINDOWS\java
2009-10-25 12:42:40 ----D---- C:\WINDOWS\ime
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Help
2009-10-25 12:42:40 ----D---- C:\WINDOWS\ehome
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Driver Cache
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Debug
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Cursors
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Connection Wizard
2009-10-25 12:42:40 ----D---- C:\WINDOWS\Config
2009-10-25 12:42:40 ----D---- C:\WINDOWS\AppPatch
2009-10-25 12:42:40 ----D---- C:\WINDOWS\addins
2009-10-25 12:42:40 ----D---- C:\WINDOWS
2009-10-25 12:40:28 ----D---- C:\Documents and Settings\Jožko\Data aplikací\ESET
2009-10-25 12:39:46 ----D---- C:\Program Files\ESET
2009-10-25 12:39:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-10-25 12:30:24 ----D---- C:\WINDOWS\nview
2009-10-25 12:30:24 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-10-25 12:29:51 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-10-25 12:28:34 ----D---- C:\WINDOWS\system32\Lang
2009-10-25 12:26:35 ----R---- C:\WINDOWS\system32\ChCfg.exe
2009-10-25 12:26:21 ----D---- C:\WINDOWS\system32\RTCOM
2009-10-25 12:26:19 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-25 12:25:50 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-25 12:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-10-25 12:25:46 ----R---- C:\WINDOWS\SoundMan.exe
2009-10-25 12:25:46 ----R---- C:\WINDOWS\SkyTel.exe
2009-10-25 12:25:45 ----R---- C:\WINDOWS\RtlUpd.exe
2009-10-25 12:25:43 ----R---- C:\WINDOWS\RTLCPL.exe
2009-10-25 12:25:38 ----R---- C:\WINDOWS\RTHDCPL.exe
2009-10-25 12:25:37 ----R---- C:\WINDOWS\MicCal.exe
2009-10-25 12:25:34 ----R---- C:\WINDOWS\alcwzrd.exe
2009-10-25 12:25:34 ----R---- C:\WINDOWS\Alcmtr.exe
2009-10-25 12:25:33 ----D---- C:\Program Files\Realtek
2009-10-25 12:25:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-25 12:25:25 ----R---- C:\WINDOWS\RtlExUpd.dll
2009-10-25 12:25:25 ----A---- C:\WINDOWS\HideWin.exe
2009-10-25 12:25:21 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-25 12:18:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-25 12:18:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-25 12:18:47 ----D---- C:\Program Files\Intel
2009-10-25 12:18:47 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-10-25 12:18:15 ----D---- C:\Intel
2009-10-25 12:13:10 ----SHD---- C:\RECYCLER
2009-10-25 12:12:20 ----D---- C:\Documents and Settings\Jožko\Data aplikací\Identities
2009-10-25 12:12:19 ----HD---- C:\Program Files\Uninstall Information
2009-10-25 12:12:13 ----ASH---- C:\Documents and Settings\Jožko\Data aplikací\desktop.ini
2009-10-25 12:12:12 ----SD---- C:\Documents and Settings\Jožko\Data aplikací\Microsoft
2009-10-25 12:11:16 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-25 12:11:15 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-25 12:11:15 ----D---- C:\WINDOWS\Prefetch
2009-10-25 12:11:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 12:08:20 ----D---- C:\WINDOWS\system32\xircom
2009-10-25 12:08:20 ----D---- C:\Program Files\xerox
2009-10-25 12:08:20 ----D---- C:\Program Files\microsoft frontpage
2009-10-25 12:08:04 ----A---- C:\WINDOWS\control.ini
2009-10-25 12:08:04 ----A---- C:\AUTOEXEC.BAT
2009-10-25 12:07:54 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-25 12:07:51 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-10-25 12:07:06 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-25 12:07:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-25 12:07:05 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-25 12:07:00 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-25 12:06:56 ----HD---- C:\Program Files\WindowsUpdate
2009-10-25 12:06:52 ----D---- C:\Program Files\Online Services
2009-10-25 12:06:33 ----D---- C:\WINDOWS\system32\DirectX
2009-10-25 12:06:07 ----A---- C:\WINDOWS\system32\atrace.dll
2009-10-25 12:06:04 ----A---- C:\WINDOWS\system32\desktop.ini
2009-10-25 12:06:04 ----A---- C:\WINDOWS\desktop.ini
2009-10-25 12:05:56 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-10-25 12:05:55 ----A---- C:\WINDOWS\system32\acctres.dll
2009-10-25 12:05:54 ----D---- C:\Program Files\Common Files\Services
2009-10-25 12:05:50 ----SD---- C:\WINDOWS\Tasks
2009-10-25 12:05:50 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-10-25 12:05:49 ----D---- C:\Program Files\Common Files\MSSoap
2009-10-25 12:05:44 ----D---- C:\WINDOWS\srchasst
2009-10-25 12:05:43 ----D---- C:\WINDOWS\system32\Macromed
2009-10-25 12:05:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-25 12:05:40 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-25 12:05:39 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-25 12:05:39 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-10-25 12:05:39 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-10-25 12:05:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-25 12:05:39 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-10-25 12:05:39 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-10-25 12:05:38 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-25 12:05:38 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-25 12:05:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-10-25 12:05:38 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-25 12:05:38 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-25 12:05:33 ----D---- C:\Program Files\Movie Maker
2009-10-25 12:05:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-10-25 12:05:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-10-25 12:05:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-10-25 12:05:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-10-25 12:05:24 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-10-25 12:05:24 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-10-25 12:05:23 ----D---- C:\WINDOWS\system32\Restore
2009-10-25 12:05:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-10-25 12:05:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-10-25 12:05:23 ----A---- C:\WINDOWS\system32\srclient.dll
2009-10-25 12:05:22 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-10-25 12:05:22 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-10-25 12:05:22 ----A---- C:\WINDOWS\system32\ils.dll
2009-10-25 12:05:21 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-10-25 12:05:21 ----A---- C:\WINDOWS\system32\msconf.dll
2009-10-25 12:05:21 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-10-25 12:05:18 ----D---- C:\Program Files\NetMeeting
2009-10-25 12:05:18 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-10-25 12:05:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-10-25 12:05:16 ----A---- C:\WINDOWS\system32\inetres.dll
2009-10-25 12:05:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-10-25 12:05:13 ----D---- C:\Program Files\Outlook Express
2009-10-25 12:05:13 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-10-25 12:05:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-10-25 12:05:13 ----A---- C:\WINDOWS\system32\mstask.dll
2009-10-25 12:05:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-10-25 12:05:12 ----A---- C:\WINDOWS\system32\isign32.dll
2009-10-25 12:05:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-10-25 12:05:12 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-10-25 12:05:05 ----D---- C:\Program Files\Common Files\System
2009-10-25 12:05:04 ----D---- C:\Program Files\Internet Explorer
2009-10-25 12:04:31 ----D---- C:\Program Files\ComPlus Applications
2009-10-25 12:04:29 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-25 12:04:29 ----A---- C:\WINDOWS\vb.ini
2009-10-25 12:04:25 ----D---- C:\WINDOWS\Registration
2009-10-25 12:04:18 ----D---- C:\Program Files\Windows Media Player
2009-10-25 12:04:11 ----D---- C:\Program Files\Messenger
2009-10-25 12:04:06 ----D---- C:\Program Files\MSN Gaming Zone
2009-10-25 12:04:06 ----A---- C:\WINDOWS\system32\write.exe
2009-10-25 12:03:54 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-25 12:03:54 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-25 12:03:54 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-25 12:03:54 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-25 12:03:54 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-25 12:03:53 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-25 12:03:44 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-25 12:03:44 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-25 12:03:44 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-25 12:03:43 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-25 12:03:43 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-25 12:03:43 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\tskill.exe
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\tscon.exe
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\reset.exe
2009-10-25 12:03:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-10-25 12:03:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-10-25 12:03:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-10-25 12:03:39 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-10-25 12:03:38 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-10-25 12:03:32 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-10-25 12:03:31 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-25 12:03:31 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-25 12:03:30 ----D---- C:\Program Files\Windows NT
2009-10-25 12:03:30 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-25 12:03:30 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-25 12:03:29 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-25 12:03:29 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-25 12:03:29 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-25 12:03:28 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-10-25 12:03:28 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-10-25 12:03:28 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-10-25 12:03:27 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-10-25 12:03:27 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-10-25 12:03:27 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-10-25 12:03:27 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-10-25 12:03:27 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-10-25 12:03:27 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-10-25 12:03:26 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-10-25 12:03:26 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-10-25 12:03:25 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-10-25 12:03:25 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-10-25 12:03:25 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-10-25 12:03:25 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-10-25 12:03:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-10-25 12:03:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-10-25 12:03:23 ----D---- C:\WINDOWS\system32\Com
2009-10-25 12:03:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-10-25 12:03:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-10-25 12:03:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-10-25 12:03:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-10-25 12:03:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-10-25 12:03:22 ----A---- C:\WINDOWS\system32\comuid.dll
2009-10-25 12:03:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-10-25 12:03:21 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-10-25 12:03:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-10-25 12:03:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-25 12:03:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-25 12:03:13 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-10-30 11:02:15 ----A---- C:\WINDOWS\win.ini
2009-10-25 12:50:55 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-10-29 5632]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-08 6288672]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-27 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\JOKO~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-08-03 233472]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-25 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-08 163908]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 31 říj 2009 10:01

Hezké dopoledne

Combofix se provedl? Můžu vidět log?

Klikněte mi do podpisu na SVI a podle návodu zapněte a vypněte obnovu systému, někdy se tam viry schovávají

Dejte soubor otestovat na http://www.virustotal.com
c:\windows\system32\lsass.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
c:\windows\system32\services.exe

Udělejte kompletní scan pomocí AVPTool[/b] - http://www.viry.cz/forum/viewtopic.php?f=29&t=58179,
- vše nechte léčit, obsah logu dle návodu vložte zde.
-sken může tvrvat několik hodin

A budeme doufát, že virut není rozlezlý, jinak je to na formát

.

Virut je potvůrka napadající všechny spustitelné soubory, exe, scr, htm...a systémové soubory. Připojuje se k IRC siti.Je možné ho na dálku ovládat.Virus hledá spustitelné soubory exe,src.Spustitelné soubory virus infikuje připojením svého kódu k poslední sekci. Hostitelský soubor modifikuje tak, ze před během původního kódu se spustí virus.Dokáže se aktualizovat anebo spustit libovolný soubor.

edit/
dívám se že máte 3 disky, nechte zkontrolovat všechny 3 Avptoolem.

Předtím převezměte práva nad složkami SVI takto a smažte je:

1. Start --> Ovládací panely --> Možnosti složky --> karta Zobrazeni --> odstranit zatržitko u "Použít zjednodušené sdilení souborů (doporučeno)",
- dále přidat zatržítko k "Zobrazovat skryté soubory a složky"

2. Start --> Spustit --> vepsat a potvrdit enter: cmd --> do spuštěného okna vepsat a potvrdit enter: cacls "E:\System Volume Information" /T /E /G "název účtu s admin právy":F
(tzn. pokud máte na svém pc napr. účet s admin právy "Hanzal", bude přikaz vypadat takto: cacls "F:\System Volume Information" /T /E /G "Hanzal":F)
, měšní se pouze na začátku písmenko u disku a název učtu)

teď se lze do složky E:\System Volume Information dostat,
zkuste složky a soubory v ní smazat ručně

milkasv · #3 Příspěvek od **milkasv** » 31 říj 2009 10:03

ja som tu už pred dvoma dňami dala log a bolo mi poradené urobiť combofix. až dnes som sa k tomu dostala a spravila. ale combo fix mi niečo stiahol lebo som to nemala a oskenoval. ale nemám nikde log,aj keď som dala hľadať. akurát mi na c: urobilo zložku combofix ktorá ma ikonu tento počítač. keď na ňu poťukám, tak mi otvorí normálne ako tento počítač. a ked reštartoval tak pri nabiehaní s´boli dve možnosti spustiť windows alebo nejakú konzolu zotavenia či čo, lebo sa to nedalo prečítať, lebo to hneď spustilo windows. nečakalo čo zvolím. zatiaľ ďakujem.

#4 Příspěvek od **motji** » 31 říj 2009 10:11

to je konzole zotavení, tu tam zatím nechte.

Start -> Spustit -> napište

notepad "C:\ComboFix.txt"

Enter.
-log vložte zde.

Zatím otestujte Ty systémové soubory, pak uvidíme co dál

.
Zeditovala jsem první příspěvek, je tam návod, jak převzít práva nad složkou z jiného disku, kdyby jste tomu nerozuměla, napište.

milkasv · #5 Příspěvek od **milkasv** » 31 říj 2009 11:31

urobila som to tak ale ten súbor combofix.txt napíše, že nelze najít.
dala som skntrolovať tie súbory a tu je výsledok. teraz idem dať kontrolovať AVPTool. potom dam log. len neviem či ešte dať raz kontrolovať combofixom. dik.

milkasv · #6 Příspěvek od **milkasv** » 31 říj 2009 11:33

zabudla som dať tie výsledky. tu sú.

c:\windows\system32\spoolsv.exe

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.31 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.31 -
BitDefender 7.2 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.10.31 -
Comodo 2790 2009.10.31 -
DrWeb 5.0.0.12182 2009.10.31 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.31 -
GData 19 2009.10.31 -
Ikarus T3.1.1.72.0 2009.10.31 -
Jiangmin 11.0.800 2009.10.31 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.31 Heuristic.LooksLike.Trojan.PePatch.L
Microsoft 1.5202 2009.10.31 -
NOD32 4559 2009.10.30 -
Norman 6.03.02 2009.10.30 -
nProtect 2009.1.8.0 2009.10.31 -
Panda 10.0.2.2 2009.10.30 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.31 -
Rising 21.53.52.00 2009.10.31 -
Sophos 4.47.0 2009.10.31 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.31 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.31 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.30 -
Additional information
File size: 57856 bytes
MD5...: 21b6faa88044a41640e03ebb68be93e8
SHA1..: 5fa21fc2e2a5f38b45e650ba5eef1dcc312b8bee
SHA256: 4afdc909787a5b0f848a714972fc42e3385e6a4d3e97a0498c9ed69b9c3d75c1
ssdeep: 768:1ZM9EWlrVpYFtRtCqMQK0rWcSHhoJxWxDV3D+JMdbug/zUG9Jigo:1Z0PYFt
RtCbQK0rpH6VygrUGGgo
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x637a
timedatestamp.....: 0x41107eb4 (Wed Aug 04 06:14:12 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xba30 0xbc00 5.96 ec60e07aa033a1691ce70965d0267501
.data 0xd000 0x138c 0x1400 2.23 c5a21bf1e7d86df2c21db3ef5c7e28ac
.rsrc 0xf000 0xc78 0xe00 6.19 379eff6fefd381cd4ad70f1dde3b3161

( 6 imports )
> msvcrt.dll: __initenv, _exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _XcptFilter, wcsrchr, wcslen, _c_exit, _stricmp, _wcsnicmp, _except_handler3
> ADVAPI32.dll: SetServiceStatus, RegQueryValueExW, AllocateAndInitializeSid, FreeSid, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetLengthSid, InitializeAcl, AddAccessAllowedAce, AddAccessDeniedAce, GetAce, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, MakeSelfRelativeSD, RegDisablePredefinedCache, RegOpenKeyExW, RegCloseKey, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, GetCurrentProcessId, SetUnhandledExceptionFilter, GetModuleHandleA, GetCurrentThreadId, GetTickCount, UnhandledExceptionFilter, QueryPerformanceCounter, FreeLibrary, InterlockedExchange, GetModuleHandleW, GetLastError, ExitThread, CloseHandle, WaitForSingleObject, CreateEventW, CreateThread, ExitProcess, Sleep, OpenEventW, LoadLibraryA, InitializeCriticalSection, LocalFree, LocalAlloc, SetEvent, LeaveCriticalSection, EnterCriticalSection, SetLastError, OpenProcess, InterlockedIncrement, RaiseException, InterlockedDecrement, GetProcAddress, GetSystemDirectoryW
> GDI32.dll: bMakePathNameW, GdiInitSpool, GdiGetSpoolMessage
> RPCRT4.dll: RpcServerRegisterIf2, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, RpcRaiseException, RpcImpersonateClient, RpcRevertToSelf, NdrServerCall2, RpcServerUseProtseqEpA, I_RpcSsDontSerializeContext, RpcMgmtSetServerStackSize, RpcServerListen
> ntdll.dll: RtlValidRelativeSecurityDescriptor

( 12 exports )
YDriverUnloadComplete, YEndDocPrinter, YFlushPrinter, YGetPrinter, YGetPrinterDriver2, YGetPrinterDriverDirectory, YReadPrinter, YSeekPrinter, YSetJob, YSetPort, YSplReadPrinter, YWritePrinter
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Spooler SubSystem App
original name: spoolsv.exe
internal name: spoolsv.exe
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

c:\windows\system32\winlogon.exe

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.31 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 Trojan/Win32.Patched.gen
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.31 -
BitDefender 7.2 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.10.31 -
Comodo 2790 2009.10.31 -
DrWeb 5.0.0.12182 2009.10.31 -
eSafe 7.0.17.0 2009.10.29 Win32.Agent.ha
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.31 -
GData 19 2009.10.31 -
Ikarus T3.1.1.72.0 2009.10.31 -
Jiangmin 11.0.800 2009.10.31 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.31 -
Microsoft 1.5202 2009.10.31 -
NOD32 4559 2009.10.30 -
Norman 6.03.02 2009.10.30 -
nProtect 2009.1.8.0 2009.10.31 -
Panda 10.0.2.2 2009.10.30 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.31 -
Rising 21.53.52.00 2009.10.31 -
Sophos 4.47.0 2009.10.31 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.31 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.31 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.30 -
Additional information
File size: 502272 bytes
MD5...: 221c29ae1b4cc61d11d8b27de78b2307
SHA1..: b88e9fc2e1205559e3fc8c3b562ec45b56bb2595
SHA256: 70f824164fc862aaaf740dee7d6f77f78d51a27ee1caec344a203f58b7dddbaa
ssdeep: 6144:LYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5Wjy
fTNQb:LVLBhic7Qy1vSneJFDNhp81
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3d353
timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6f288 0x6f400 6.82 f2a1a72e8c281afe4b8a0661ce10d471
.data 0x71000 0x4d90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30
.rsrc 0x76000 0x9038 0x9200 3.96 086018373f540a35dad6a9a2cc53be93

( 20 imports )
> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
> AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
> CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
> GDI32.dll: RemoveFontResourceW, AddFontResourceW
> KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, ExpandEnvironmentStringsW, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, DuplicateHandle, OpenProcess, GetOverlappedResult, GetVersionExA, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, DeleteCriticalSection, TlsGetValue, TlsAlloc, VirtualFree, TlsFree
> msvcrt.dll: _vsnwprintf, wcslen, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, __set_app_type, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
> NDdeApi.dll: -, -, -, -
> ntdll.dll: RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtOpenDirectoryObject, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlInitString, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtSetInformationProcess
> PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
> PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
> REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
> RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
> Secur32.dll: GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, LsaCallAuthenticationPackage
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
> USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, KillTimer, GetMessageTime, SetLogonNotifyWindow, UnlockWindowStation, SetTimer, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, SetCursor, DefWindowProcW, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, RegisterClassW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
> USERENV.dll: WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, GetUserProfileDirectoryW, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, -
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon, _WinStationNotifyLogoff
> WINTRUST.dll: CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
> WS2_32.dll: -, getaddrinfo, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: Windows NT Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

seno · #7 Příspěvek od **seno** » 31 říj 2009 11:44

.....radcovia sice nemaju radi, ak im dakto pise do vlakna pri ich radach, ale neda mi a kym Ti niekto napise co dalej, mam este 2 poznamky na Teba milkasv:

- ak ides pisat za svoj prispevok, hned este jeden dalsi svoj prispevok, tak pouzi tlacitko EDIT (editovanie posledneho svojho prispevku) na foru a dopis text k svojmu poslednemu prispevku

- co sa tyka toho "virustotal.com" testu, tak po skonceni kazdeho testu mas internetovu adresu v riadku s adresou v internetovom browseri hore zmenenu, stacilo sem okopirovat a vlozit vzdy tieto adresy ku kazdemu novo otestovanemu suboru, namiesto toho hromadneho "spamu"

milkasv · #8 Příspěvek od **milkasv** » 31 říj 2009 12:07

sorry. píšem druhý krát v živote do fóra, a prvý krát som nič tak nepridávala len log. to preto nemám šajnu ako sa to robí.

neviem či to mam napísať takto cacls "E:\System Volume Information" /T /E /G "Jožko":F)

to Jožko mi tam zobrazí ako Joxko a vypíše neplatné argumenty. systém máme na c: a na e: a f: len data.
skúšala som meniť to prvé písmeno disku ale stále to isté. tak nevim čo napísať. dik

a tie body obnovy som vypla a potom zapla.
dať scan tým AVPTool aj ked nemám prevzaté práva. nie som už slečna ale mama s 3 detmi, tak preto mi to tak dlho trvá

#9 Příspěvek od **motji** » 31 říj 2009 12:10

To seno - sice máš pravdu, ale někteří to neznají...nabudem je za to kamenovat.

.
Myslím že slečna má ted plné práce s virutem, takže je jedno, jak sem co vloží.

MilkaSV
Smazala jste ty složky obnovy systému?
Uvidíme co najde AVPtool

#10 Příspěvek od **motji** » 31 říj 2009 13:14

Vzhledem k tomu, že jsem taky mamina, navrhuju tykání

.
Prosím Tě, editování příspěvku dělej, jen když příspěvek pošleš a pak zjistíš, že tam chceš něco dopsat, abys neměla dva příspěvky chvilku po sobě. Jinak needituj, já si pak nevšimnu,že jsi něco dopisovala

.

S těmi právy to bude horší. Píšeš to dobře, ale ten háček.. nevím

.
Zatím to tak nechej, musím se zeptat.

Ten AVPtool udělej i tak

.

milkasv · #11 Příspěvek od **milkasv** » 31 říj 2009 20:33

Tak fajn. Konečne doskenovalo. Tu máš log. zatiaľ dik.

Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.BHO.jou File: C:\Documents and Settings\Jožko\Local Settings\Temporary Internet Files\Content.IE5\M4UA36RU\PLAY_MP3[1].exe//data0006
deleted: Trojan program Trojan.Win32.Buzus.ckee File: C:\Program Files\DVDFab 6\DVDFab.exe
deleted: Trojan program Trojan.Win32.Buzus.ckee File: E:\instal\dvdfab-platinum-v6-1-2-0-multilingual-cracked-djinn.rar/DVDFab.Platinum.v6.1.2.0.Multilingual.Cracked-DJiNN\Crack\DVDFab.exe
deleted: Trojan program Trojan.Win32.Buzus.ckee File: E:\instal\dvdfab-platinum-v6-1-2-0-multilingual-cracked-djinn\DVDFab.Platinum.v6.1.2.0.Multilingual.Cracked-DJiNN\Crack\DVDFab.exe
detected: Trojan program Trojan-Dropper.Win32.Small.sc File: F:\BitLord\Downloads\Karty.iso//Hry/2mfreesolwe/2mfreesolwe.exe;1//doc\5knoikz.exe
detected: adware not-a-virus:AdWare.Win32.NavExcel File: F:\BitLord\Downloads\Karty.iso//Hry/2mfreesolwe/2mfreesolwe.exe;1//doc\NHInstaller_ka.exe/NHInstall.exe
detected: adware not-a-virus:AdWare.Win32.NavExcel File: F:\BitLord\Downloads\Karty.iso//Hry/2mfreesolwe/2mfreesolwe.exe;1//doc\NHInstaller_ka.exe/v1.cab/NHUninstaller.exe
detected: adware not-a-virus:AdWare.Win32.NavExcel.c File: F:\BitLord\Downloads\Karty.iso//Hry/2mfreesolwe/2mfreesolwe.exe;1//doc\NHInstaller_ka.exe/v1.cab/NHelper.dll
detected: adware not-a-virus:AdWare.Win32.NavExcel.b File: F:\BitLord\Downloads\Karty.iso//Hry/2mfreesolwe/2mfreesolwe.exe;1//doc\NHInstaller_ka.exe/v1.cab/NHUpdater.exe
detected: Trojan program Trojan-Dropper.Win32.Small.sc File: F:\BitLord\Downloads\Karty.iso//Hry/3free/frepatwe.exe;1//doc\5knoikz.exe
detected: adware not-a-virus:AdWare.Win32.NavExcel.b File: F:\BitLord\Downloads\Karty.iso//Hry/3free/frepatwe.exe;1//doc\NHInstaller_ka.exe
detected: adware not-a-virus:AdWare.Win32.Aureate File: F:\BitLord\Downloads\Karty.iso//Hry/MidnightOil/MidnightOil.exe;1//data0013

#12 Příspěvek od **motji** » 31 říj 2009 21:47

Ještě pořád Nod něco hlásí? Virut se naštěstí nepotvdil

Stahni MBAM z mého podpisu
-Nainstaluj,dej úplný sken

NIC NEMAZAT

MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu
-Log zkopíruj sem

Nemáš firewall,k čemu je užitečný se dozvíš zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980 , můžu doporučit Zone alarm

Nemáš sp3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100 , doinstaluj

milkasv · #13 Příspěvek od **milkasv** » 01 lis 2009 07:44

skontrolovalo a nič nenašlo. tu log.

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3072
Windows 5.1.2600 Service Pack 2

1. 11. 2009 7:33:24
mbam-log-2009-11-01 (07-33-24).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 93543
Uplynulý čas: 4 minute(s), 11 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky

eset hlásil posledný krát virut včera ráno o 10h. do dnes nič. tak neviem, je to už v poriadku?

a čo s tým combofixom, čo má ikonu tento počítač?
ten prvý príspevok napísal manžel, ja len dopísala o tom combofixe.
tak zatiaľ ti dakujem.

#14 Příspěvek od **motji** » 01 lis 2009 08:35

Zatím to vypadá, že virut v pc není

Odinstaluj combofix přes
Start >> Spustit zkopíruj do okénka:

ComboFix /u

stiskni Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

Stáhni T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusť,pro potvrzení volby mačkej klávesu A, Enter
-po použití prográmek vymaž.Pozor,antiviry ho mohou falešně označit za vir

arrow: Z mého podpisu stahni Ccleaner
-nainstaluj, při výběru, co se má nainstalovat, dej pryč fajfku u instalace yahoo toolbaru

záložka čistič
-nechej v levém sloupečku zatrhnuté vše jak je, klikni na analyzovat
-po analýze klikni na Spustit Ccleaner

záložka Registry
-klikni na hledej problémy
- pak klikni na opravit vybrané problémy

udělat zálohu registrů
-klikni opravit všechny problémy

ok

zavřít

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

Smaž cache Opery bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/

- v menu nahoře vyber záložku Firefox / Opera a klikni na ni
-zatrhni Select All a pak klikni na Empty Selected

pozor - přijdete o všechna hesla uložená ve FF /Opere!

-Na záložce main zaškrtni All users temp a potvrd Empty selected

Odinstalujte AVPTool

V hlavním okně programu (pokud jste ho zavřeli, tak v adresáři, do kterého jste AVPTool nainstalovali, spusťte soubor setup_7.0.0.*.exe - soubor s ikonou velkého K) klikněte vpravo dole na nápis Complete Antivirus Protection. Potvrďte stiskem Yes a následně dvakrát stiskem Ano. Odsouhlasíte tak odinstalování AVPTool a nutný restart počítače (+ otevře se vám i internetová stránka s produkty od společnosti Kaspersky - můžete ignorovat).

Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry

Tak za 2-3 dny udělej ještě log z MWAWU viz můj podpis, a vlož log ze Rsitu.
Pokud by ESET hlásil znovu viruta, okamžitě napiš

.
Virut je potvůrka co napadá syst.soubory a ostatní exe soubory a šíří se velice rychle, tak at to podchytíme.

S těmi topicy - pokud by jste to naráz řešili ve dvou topicích, byl by v tom zmatek - navíc každý rádce má svoje postupy

. Pokud rádce neodpovídá, protože tu zrovna není a spěcháš na to, můžeš sz napsat jinému rádci, at na ten topic mrkne

.

milkasv · #15 Příspěvek od **milkasv** » 01 lis 2009 22:01

Všetko som spravila tak ako si povedala. Eset nehlási nič, ani žiaden nájdený vírus. Tak dúfam, že je to v poriadku. O 3 dni spravím čo si povedala a ozvem sa. Zatiaľ Ti ďakujem veľmi, veľmi pekne a som Ti veľmi vďačná. Dobrú noc. Miky.

VIRY.CZ

ako odstrániť virut

ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut

Re: ako odstrániť virut