Vir v MBR sektoru - nejde odstranit

Zpráva

dinospages · #1 Příspěvek od **dinospages** » 15 bře 2010 12:26

Zdravím

NOD mi nalezl tuto infekci, bohužel nejde žádným způsobem odebrat, zůstala na disku i po formátování:

MBR sektor 1. fyzického disku - Win32/Mebroot.K trojský kůň

LOG z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-03-15 12:26:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (62%) free of 38 GB
Total RAM: 2038 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:06, on 15.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 3853 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-06-01 192512]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-04 708698]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\sdc230\sdc230\StrongDC.exe"="C:\Program Files\sdc230\sdc230\StrongDC.exe:*:Enabled:StrongDC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58ad33b7-3017-11df-bee7-000ae4e5246a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

======List of files/folders created in the last 1 months======

2010-03-15 12:21:56 ----D---- C:\Program Files\trend micro
2010-03-15 12:21:55 ----D---- C:\rsit
2010-03-15 12:05:33 ----D---- C:\Program Files\Winamp3
2010-03-15 12:05:32 ----D---- C:\Program Files\Ozone
2010-03-15 12:04:55 ----A---- C:\WINDOWS\ODBC.INI
2010-03-15 12:04:45 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-03-15 12:04:31 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-15 12:03:23 ----D---- C:\Program Files\Microsoft.NET
2010-03-15 12:02:12 ----D---- C:\Program Files\Common Files\DESIGNER
2010-03-15 12:02:03 ----D---- C:\Program Files\Microsoft Works
2010-03-15 12:01:47 ----D---- C:\Program Files\Microsoft Visual Studio
2010-03-15 12:01:14 ----D---- C:\WINDOWS\SHELLNEW
2010-03-15 12:00:58 ----D---- C:\Program Files\Microsoft Office
2010-03-15 11:53:46 ----D---- C:\Program Files\sdc230
2010-03-15 11:49:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-03-15 11:48:50 ----D---- C:\Program Files\DAEMON Tools Lite
2010-03-15 11:48:32 ----D---- C:\Documents and Settings\Martin\Data aplikací\DAEMON Tools Lite
2010-03-15 11:48:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-03-15 11:45:31 ----D---- C:\Program Files\uTorrent
2010-03-15 11:45:23 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-03-15 11:45:23 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-03-15 11:45:16 ----D---- C:\WINDOWS\Logs
2010-03-15 11:44:54 ----D---- C:\Documents and Settings\Martin\Data aplikací\uTorrent
2010-03-15 11:44:14 ----D---- C:\Program Files\The KMPlayer
2010-03-15 11:43:34 ----D---- C:\WINDOWS\RegisteredPackages
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-03-15 11:43:07 ----N---- C:\WINDOWS\system32\px.dll
2010-03-15 11:43:05 ----D---- C:\Program Files\Winamp
2010-03-15 11:43:05 ----D---- C:\Documents and Settings\Martin\Data aplikací\Winamp
2010-03-15 11:39:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-15 11:39:27 ----D---- C:\Program Files\Common Files\Adobe
2010-03-15 11:39:27 ----D---- C:\Program Files\Adobe
2010-03-15 11:38:02 ----D---- C:\WINDOWS\system32\Adobe
2010-03-15 11:35:48 ----D---- C:\Documents and Settings\Martin\Data aplikací\Macromedia
2010-03-15 11:35:48 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2010-03-15 11:34:53 ----D---- C:\Documents and Settings\Martin\Data aplikací\Opera
2010-03-15 11:34:40 ----D---- C:\Program Files\Opera
2010-03-15 11:30:59 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-15 11:27:49 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-15 11:26:23 ----SHD---- C:\WINDOWS\Installer
2010-03-15 11:26:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-15 11:26:22 ----D---- C:\Program Files\Common Files\ODBC
2010-03-15 11:26:22 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-15 11:26:17 ----RD---- C:\Program Files
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files
2010-03-15 11:26:14 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-15 11:26:13 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-15 11:26:13 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-15 11:26:04 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-15 11:26:04 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-15 11:26:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-15 11:26:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-15 11:26:01 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-15 11:26:00 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-03-15 11:25:59 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-15 11:25:49 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-15 11:25:46 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-15 11:25:42 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-15 11:25:40 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-15 11:25:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 11:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-15 11:25:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-15 11:25:00 ----A---- C:\WINDOWS\setuplog.txt
2010-03-15 11:24:55 ----D---- C:\Documents and Settings
2010-03-15 11:24:54 ----SHD---- C:\System Volume Information
2010-03-15 11:23:51 ----SH---- C:\boot.ini
2010-03-15 11:18:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 11:18:40 ----RSD---- C:\WINDOWS\Fonts
2010-03-15 11:18:40 ----RD---- C:\WINDOWS\Web
2010-03-15 11:18:40 ----HD---- C:\WINDOWS\inf
2010-03-15 11:18:40 ----D---- C:\WINDOWS\WinSxS
2010-03-15 11:18:40 ----D---- C:\WINDOWS\twain_32
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Temp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\wins
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\wbem
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\usmt
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\spool
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\Setup
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ras
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\oobe
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\npp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\mui
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\IME
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\icsxml
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ias
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\export
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\drivers
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\dhcp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\cs
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\config
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\3076
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\2052
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1054
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1042
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1041
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1037
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1033
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1031
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1029
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1028
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1025
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system
2010-03-15 11:18:40 ----D---- C:\WINDOWS\security
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Resources
2010-03-15 11:18:40 ----D---- C:\WINDOWS\repair
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Provisioning
2010-03-15 11:18:40 ----D---- C:\WINDOWS\pchealth
2010-03-15 11:18:40 ----D---- C:\WINDOWS\PeerNet
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Network Diagnostic
2010-03-15 11:18:40 ----D---- C:\WINDOWS\mui
2010-03-15 11:18:40 ----D---- C:\WINDOWS\msapps
2010-03-15 11:18:40 ----D---- C:\WINDOWS\msagent
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Media
2010-03-15 11:18:40 ----D---- C:\WINDOWS\L2Schemas
2010-03-15 11:18:40 ----D---- C:\WINDOWS\java
2010-03-15 11:18:40 ----D---- C:\WINDOWS\ime
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Help
2010-03-15 11:18:40 ----D---- C:\WINDOWS\ehome
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Driver Cache
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Debug
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Cursors
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Connection Wizard
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Config
2010-03-15 11:18:40 ----D---- C:\WINDOWS\AppPatch
2010-03-15 11:18:40 ----D---- C:\WINDOWS\addins
2010-03-15 11:18:40 ----D---- C:\WINDOWS
2010-03-15 11:17:01 ----SHD---- C:\RECYCLER
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2010-03-15 11:14:05 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2010-03-15 11:14:04 ----A---- C:\WINDOWS\system32\SynCOM.dll
2010-03-15 11:14:02 ----D---- C:\Program Files\Synaptics
2010-03-15 11:13:02 ----RA---- C:\WINDOWS\system32\igfxres.dll
2010-03-15 11:12:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-15 11:12:45 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-03-15 11:12:45 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-03-15 11:12:44 ----N---- C:\WINDOWS\system32\ChCfg.exe
2010-03-15 11:12:43 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-03-15 11:12:41 ----N---- C:\WINDOWS\alcupd.exe
2010-03-15 11:12:41 ----N---- C:\WINDOWS\alcrmv.exe
2010-03-15 11:12:37 ----N---- C:\WINDOWS\RtlExUpd.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmrem.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmgicd.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmgdev.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\iAlmCoIn_v4020.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxress.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxhk.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxext.exe
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\oemdspif.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxeud.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdiag.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdgps.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmrnt5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdnt5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdev5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdd5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\hccutils.dll
2010-03-15 11:11:31 ----D---- C:\Program Files\Intel
2010-03-15 11:10:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-15 11:09:44 ----D---- C:\Program Files\CONEXANT
2010-03-15 11:09:37 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2010-03-15 11:09:37 ----A---- C:\WINDOWS\system32\hsfci012.dll
2010-03-15 11:09:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-15 11:09:10 ----D---- C:\Acer
2010-03-15 11:09:10 ----A---- C:\WINDOWS\system32\Epm-Po.dll
2010-03-15 11:08:52 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-15 11:07:34 ----D---- C:\Documents and Settings\Martin\Data aplikací\WinRAR
2010-03-15 10:55:18 ----D---- C:\Program Files\WinRAR
2010-03-15 10:51:07 ----D---- C:\Program Files\ESET
2010-03-15 10:51:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-15 10:44:34 ----D---- C:\Documents and Settings\Martin\Data aplikací\Identities
2010-03-15 10:44:31 ----HD---- C:\Program Files\Uninstall Information
2010-03-15 10:44:24 ----ASH---- C:\Documents and Settings\Martin\Data aplikací\desktop.ini
2010-03-15 10:44:23 ----SD---- C:\Documents and Settings\Martin\Data aplikací\Microsoft
2010-03-15 10:43:20 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-15 10:43:20 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2010-03-15 10:43:16 ----D---- C:\WINDOWS\Prefetch
2010-03-15 10:43:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-15 10:39:19 ----D---- C:\WINDOWS\system32\xircom
2010-03-15 10:39:19 ----D---- C:\Program Files\xerox
2010-03-15 10:39:19 ----D---- C:\Program Files\microsoft frontpage
2010-03-15 10:38:57 ----A---- C:\WINDOWS\control.ini
2010-03-15 10:38:57 ----A---- C:\AUTOEXEC.BAT
2010-03-15 10:38:38 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-15 10:38:34 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-15 10:37:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-15 10:37:28 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-15 10:37:28 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-15 10:37:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-15 10:37:14 ----HD---- C:\Program Files\WindowsUpdate
2010-03-15 10:37:09 ----D---- C:\Program Files\Online Services
2010-03-15 10:36:50 ----D---- C:\WINDOWS\system32\DirectX
2010-03-15 10:36:44 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-15 10:36:41 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-15 10:36:41 ----A---- C:\WINDOWS\desktop.ini
2010-03-15 10:36:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-15 10:36:33 ----D---- C:\Program Files\Common Files\Services
2010-03-15 10:36:33 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-15 10:36:30 ----SD---- C:\WINDOWS\Tasks
2010-03-15 10:36:30 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-15 10:36:29 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-15 10:36:25 ----D---- C:\WINDOWS\srchasst
2010-03-15 10:36:23 ----D---- C:\WINDOWS\system32\Macromed
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-15 10:36:14 ----D---- C:\Program Files\Movie Maker
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-15 10:35:51 ----D---- C:\WINDOWS\system32\Restore
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-15 10:35:47 ----D---- C:\Program Files\NetMeeting
2010-03-15 10:35:47 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-15 10:35:46 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-15 10:35:46 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-15 10:35:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-15 10:35:43 ----D---- C:\Program Files\Outlook Express
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-15 10:35:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-15 10:35:35 ----D---- C:\Program Files\Common Files\System
2010-03-15 10:35:31 ----D---- C:\Program Files\Internet Explorer
2010-03-15 10:34:26 ----D---- C:\Program Files\ComPlus Applications
2010-03-15 10:34:24 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-15 10:34:24 ----A---- C:\WINDOWS\vb.ini
2010-03-15 10:34:18 ----D---- C:\WINDOWS\Registration
2010-03-15 10:34:08 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-15 10:34:08 ----D---- C:\WINDOWS\system32\Cache
2010-03-15 10:34:04 ----D---- C:\Program Files\Windows Media Player
2010-03-15 10:33:55 ----D---- C:\Program Files\Messenger
2010-03-15 10:33:51 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\w3svapi.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\iisrstap.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\iisreset.exe
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\axperf.ini
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\aspperf.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\wamregps.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\infoctrs.ini
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\infoctrs.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\inetsloc.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\iismui.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\convlog.exe
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\admxprox.dll
2010-03-15 10:33:44 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-15 10:33:44 ----A---- C:\WINDOWS\system32\write.exe
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-15 10:33:33 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-15 10:33:27 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-15 10:33:18 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-15 10:33:15 ----A---- C:\WINDOWS\system32\smtpapi.dll
2010-03-15 10:33:15 ----A---- C:\WINDOWS\system32\rwnh.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\infoadmn.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\iismap.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\iisext.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\adsiis.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\iisRtl.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\exstrace.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\admwprox.dll
2010-03-15 10:33:11 ----A---- C:\WINDOWS\system32\staxmem.dll
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-15 10:33:09 ----D---- C:\Program Files\Windows NT
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-15 10:33:08 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-15 10:33:04 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-15 10:33:02 ----D---- C:\WINDOWS\system32\Com
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-15 10:32:59 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-15 10:32:51 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-15 10:32:46 ----D---- C:\Inetpub
2010-03-15 10:32:45 ----D---- C:\WINDOWS\system32\Logfiles

======List of files/folders modified in the last 1 months======

2010-03-15 12:04:28 ----A---- C:\WINDOWS\win.ini
2010-03-15 11:26:15 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-04 193216]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 a8wh7jry;a8wh7jry; C:\WINDOWS\system32\drivers\a8wh7jry.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

KONEC LOGu

Díky za pomoc!

-----------------EOF-----------------

dinospages · #2 Příspěvek od **dinospages** » 15 bře 2010 14:03

LOG:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-15 14:01:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pxrirkow.sys

---- System - GMER 1.0.15 ----

SSDT 89819630 ZwAssignProcessToJobObject
SSDT spre.sys ZwCreateKey [0xBA6B50E0]
SSDT spre.sys ZwEnumerateKey [0xBA6CDDA4]
SSDT spre.sys ZwEnumerateValueKey [0xBA6CE132]
SSDT spre.sys ZwOpenKey [0xBA6B50C0]
SSDT 89818A60 ZwOpenProcess
SSDT 89818E80 ZwOpenThread
SSDT spre.sys ZwQueryKey [0xBA6CE20A]
SSDT spre.sys ZwQueryValueKey [0xBA6CE08A]
SSDT spre.sys ZwSetValueKey [0xBA6CE29C]
SSDT 89819460 ZwSuspendProcess
SSDT 89819280 ZwSuspendThread
SSDT 89818C90 ZwTerminateProcess
SSDT 898190B0 ZwTerminateThread

INT 0x62 ? 89E47BF8
INT 0x74 ? 89B6CE58
INT 0x84 ? 89B6CE58
INT 0xA4 ? 89B6CE58
INT 0xB4 ? 89B6CE58

---- Kernel code sections - GMER 1.0.15 ----

? spre.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload BA3878AC 5 Bytes JMP 89B6C438
.text a8wh7jry.SYS A8C2E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a8wh7jry.SYS A8C2E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a8wh7jry.SYS A8C2E3C4 3 Bytes [00, 80, 02]
.text a8wh7jry.SYS A8C2E3C9 1 Byte [30]
.text a8wh7jry.SYS A8C2E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1300] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6B6042] spre.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6B613E] spre.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6B60C0] spre.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6B6800] spre.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6B66D6] spre.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6C5B90] spre.sys
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a8wh7jry.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E461F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 89C711F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DDB1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DDB1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DDB1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DDB1F8
Device \Driver\usbuhci \Device\USBPDO-1 89C711F8
Device \Driver\usbuhci \Device\USBPDO-2 89C711F8
Device \Driver\usbehci \Device\USBPDO-3 89CD51F8
Device \Driver\usbuhci \Device\USBPDO-4 89C711F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89E481F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E481F8
Device \Driver\Cdrom \Device\CdRom0 89B62500
Device \Driver\atapi \Device\Ide\IdePort0 [BA5EBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [BA5EBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [BA5EBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom3 89B62500
Device \Driver\NetBT \Device\NetBt_Wins_Export 898861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{921983E0-B323-404F-BF33-007C8CA8210E} 898861F8
Device \Driver\NetBT \Device\NetbiosSmb 898861F8
Device \Driver\sptd \Device\1678947136 spre.sys
Device \Driver\USBSTOR \Device\00000079 898021F8
Device \Driver\usbuhci \Device\USBFDO-0 89C711F8
Device \Driver\USBSTOR \Device\0000007a 898021F8
Device \Driver\usbuhci \Device\USBFDO-1 89C711F8
Device \Driver\usbuhci \Device\USBFDO-2 89C711F8
Device \Driver\usbuhci \Device\USBFDO-3 89C711F8
Device \Driver\usbehci \Device\USBFDO-4 89CD51F8
Device \Driver\Ftdisk \Device\FtControl 89E481F8
Device \Driver\PCI_PNP5886 \Device\0000007e spre.sys
Device \Driver\a8wh7jry \Device\Scsi\a8wh7jry1Port1Path0Target0Lun0 89655500
Device \Driver\a8wh7jry \Device\Scsi\a8wh7jry1 89655500
Device \FileSystem\Cdfs \Cdfs 894041F8

---- Threads - GMER 1.0.15 ----

Thread System [4:328] 89817790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x4F 0x92 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC6 0x8F 0x30 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x8F 0x41 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x2C 0x04 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x4a8143f size 0x1fd
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Martin\Local Settings\Data aplikací\Opera\Opera

\cache\g_0005\opr000JK.tmp 9258 bytes

---- EOF - GMER 1.0.15 ----

KONEC LOGU

Díky

dinospages · #3 Příspěvek od **dinospages** » 15 bře 2010 15:05

Odinstaloval jsem deamon

LOG z DEFOGGERU:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:56 on 15/03/2010 (Martin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

LOG z MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x4a8143f size 0x1fd !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x04A8143F !

Poté provedeny úpravy v příkazovém řádku

Opětovný log z MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x4a8143f size 0x1fd !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x04A8143F !

Disk mam v notebooku jediny s jednim oddilem formátovaným NTFS

dinospages · #4 Příspěvek od **dinospages** » 15 bře 2010 15:50

Sektor 0:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Sektor 61:

8B 14 24 68 78 56 34 12 8B 0C 24 68 78 56 34 12 0F 20 C0 50 25 FF FF FE FF 0F 22 C0 2B CA 58 0F 22 C0 FF 34 24 68 62 E0 07 37 E8 3B 00 00 00 59 59 68 AB 01 00 00 6A 00 FF D0 60 E8 00 00 00 00 5E 83 C6 15 8B F8 6A 6A 59 F3 A5 B1 80 8D BE 00 FE FF FF FF E0 33 C0 61 FF 74 24 0C FF 54 24 08 59 5A 60 87 CD E8 52 00 00 00 60 8B 6C 24 28 8B 45 3C 8B 54 05 78 03 D5 8B 4A 18 8B 5A 20 03 DD E3 32 49 8B 34 8B 03 F5 33 FF FC 33 C0 AC 3A C4 74 07 C1 CF 0D 03 F8 EB F2 3B 7C 24 24 75 E1 8B 5A 24 03 DD 66 8B 0C 4B 8B 5A 1C 03 DD 8B 04 8B 03 C5 EB 02 33 C0 89 44 24 1C 61 C3 5B 55 68 B8 74 29 85 FF D3 33 D2 52 52 8B F4 52 8B FC E8 26 00 00 00 5C 00 3F 00 3F 00 5C 00 50 00 68 00 79 00 73 00 69 00 63 00 61 00 6C 00 44 00 72 00 69 00 76 00 65 00 30 00 00 00 68 24 00 26 00 8B CC 52 52 6A 40 51 52 6A 18 8B CC 6A 20 6A 03 56 51 68 00 00 10 80 57 FF D0 55 68 62 E0 07 37 FF D3 97 55 68 16 D5 FC 84 FF D3 89 06 68 09 00 00 00 68 00 7E 28 50 8B CC 6A 00 51 B9 00 FA 03 00 51 51 6A 00 FF D7 50 56 8B CE 96 33 D2 52 52 52 FF 74 24 58 FF 11 55 68 5F 4C D4 DC FF D3 FF 74 24 40 FF D0 8B 46 3C 03 C6 50 8B 50 50 52 52 6A 00 FF D7 97 59 57 32 C0 F3 AA 5F 58 60 8B 48 54 F3 A4 61 2B C6 03 C7 0F B7 48 06 8D 90 F8 00 00 00 60 03 72 14 03 7A 0C 8B 4A 10 E3 02 F3 A4 61 83 C2 28 E2 EC 50 60 8B FE 91 B9 80 FE 00 00 F3 AB 61 55 68 1F 9D 48 9D FF D3 95 56 FF D5 8B 74 24 08 FF B4 24 84 00 00 00 57 8B 46 28 03 C7 FF D0 0B C0 7D 0E 8B 4E 50 E3 09 32 C0 57 F3 AA 5F 57 FF D5 83 C4 60 33 C0 8B FB 83 EF 15 B9 9C 01 00 00 F3 AA 61 C2 04 00 00 00 00 00 00 00 00 00 00

Sektor 62:

33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 6A 1B E0 1B E0 5E 53 80 01 01 00 07 FE FF FF 3F 00 00 00 00 14 A8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

řetězec NTLDR nalezen v sektoru 63:

EB 52 90 4E 54 46 53 20 20 20 20 00 02 08 00 00 00 00 00 00 00 F8 00 00 3F 00 FF 00 3F 00 00 00 00 00 00 00 80 00 80 00 FF 13 A8 04 00 00 00 00 00 00 0C 00 00 00 00 00 3F 81 4A 00 00 00 00 00 F6 00 00 00 01 00 00 00 F2 C3 DE 04 04 DF 04 78 00 00 00 00 FA 33 C0 8E D0 BC 00 7C FB B8 C0 07 8E D8 E8 16 00 B8 00 0D 8E C0 33 DB C6 06 0E 00 10 E8 53 00 68 00 0D 68 6A 02 CB 8A 16 24 00 B4 08 CD 13 73 05 B9 FF FF 8A F1 66 0F B6 C6 40 66 0F B6 D1 80 E2 3F F7 E2 86 CD C0 ED 06 41 66 0F B7 C9 66 F7 E1 66 A3 20 00 C3 B4 41 BB AA 55 8A 16 24 00 CD 13 72 0F 81 FB 55 AA 75 09 F6 C1 01 74 04 FE 06 14 00 C3 66 60 1E 06 66 A1 10 00 66 03 06 1C 00 66 3B 06 20 00 0F 82 3A 00 1E 66 6A 00 66 50 06 53 66 68 10 00 01 00 80 3E 14 00 00 0F 85 0C 00 E8 B3 FF 80 3E 14 00 00 0F 84 61 00 B4 42 8A 16 24 00 16 1F 8B F4 CD 13 66 58 5B 07 66 58 66 58 1F EB 2D 66 33 D2 66 0F B7 0E 18 00 66 F7 F1 FE C2 8A CA 66 8B D0 66 C1 EA 10 F7 36 1A 00 86 D6 8A 16 24 00 8A E8 C0 E4 06 0A CC B8 01 02 CD 13 0F 82 19 00 8C C0 05 20 00 8E C0 66 FF 06 10 00 FF 0E 0E 00 0F 85 6F FF 07 1F 66 61 C3 A0 F8 01 E8 09 00 A0 FB 01 E8 03 00 FB EB FE B4 01 8B F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3 0D 0A 43 68 79 62 61 20 9F 74 65 6E A1 20 64 69 73 6B 75 00 0D 0A 4E 54 4C 44 52 20 6E 65 6E 61 6C 65 7A 65 6E 00 0D 0A 4E 54 4C 44 52 20 6B 6F 6D 70 72 69 6D 6F 76 A0 6E 2E 00 0D 0A 52 65 73 74 61 72 74 75 6A 74 65 20 73 74 69 73 6B 6E 75 74 A1 6D 20 6B 6C A0 76 65 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 2E 0D 0A 00 00 00 00 00 00 00 00 00 00 00 83 97 A9 BE 00 00 55 AA

Další byl ale až v sektoru 8901

65 73 20 69 6E 20 00 4E 74 6F 73 6B 72 6E 6C 00 2E 65 78 65 2C 20 48 61 40 6C 2E 64 6C 6C 2C 03 8C 6F 00 6F 74 20 64 72 69 76 65 00 72 73 2C 20 61 6E 64 20 00 66 69 6C 65 20 73 79 73 00 74 65 6D 73 20 6C 6F 61 02 64 03 B0 4E 74 6C 64 72 2F 04 6F 73 02 22 72 2E 20 20 54 02 68 01 7C 6F 75 6E 74 65 72 28 20 64 6F 00 69 6E 00 4A 69 6E 00 63 6C 75 64 65 20 63 6F 01 00 04 74 68 61 74 20 6D 75 80 73 74 20 72 65 6D 61 00 88 41 00 02 70 68 79 73 69 00 B3 20 40 6D 65 6D 6F 72 79 02 72 63 04 61 6E 01 3B 62 65 20 77 72 00 69 74 74 65 6E 20 74 6F 40 20 64 69 73 6B 2E 0C 65 69 40 73 70 6C 61 79 73 02 B9 6C 02 61 80 2B 6F 62 73 65 72 76 09 80 50 76 61 01 87 6F 6E 6C 79 30 3B 20 69 74 81 8B 81 28 61 6E 04 20 61 80 6C 61 67 65 2E 00 14 00 53 82 69 44 82 75 52 65 73 80 69 64 65 6E 74 42 79 00 91 00 00 15 00 00 00 22 00 D4 15 80 02 03 80 01 2B 80 01 0A 00 00 08 80 03 08 00 04 D4 3E 00 00 2A DC 80 01 81 01 06 E9 00 04 07 3F 14 00 00 02 06 14 00 04 00 75 69 80 6E 74 36 34 00 00 44 83 4C 50 4E 61 6D 65 05 34 20 83 34 20 05 05 35 20 83 35 00 44 65 73 63 80 72 69 70 74 69 6F 6E 1B 15 63 01 62 01 E3 73 69 7A 80 DA 00 9D 62 A1 01 56 2C 20 6F 66 82 7F 70 80 6A 4C 61 62 C0 6A 4D 54 62 65 01 80 75 02 73 C3 6D 64 65 76 69 63 65 31 85 78 2E 20 49 02 47 C1 15 77 6F 04 72 6B 41 0A 73 65 74 20 28 E1 8E 65 72 65 61 29 85 1A C4 87 44 63 0B 83 5A 00 7F 61 40 79 6D 70 6F 6E CB C0 51 41 0A 4D 02 74 5C 5C C3 59 85 3F 20 54 6F 74 61 6C C3 3E 2C 20 00 77 68 69 63 68 20 61 6C EC 73 6F 80 A5 02 8A 73 44 26 85 83 82 8C C0 68 61 73 20 62 65 80 81 8E 83 C8

dinospages · #5 Příspěvek od **dinospages** » 15 bře 2010 16:44

Sektor 0 nebyl nulový, omylem jsem zřejmě vepsal sektor 1

zde sektor 0

33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 6A 1B E0 1B E0 5E 53 80 01 01 00 07 FE FF FF 3F 00 00 00 00 14 A8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

sektor 61 se přepsal na nuly

MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !
PE file found in sector at 0x04A8143F !

MBR-t:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !
PE file found in sector at 0x04A8143F !

Po kontrole NODem již nenalezena žádná infekce!

Díky moc za pomoc a spolupráci!

Martin

dinospages · #6 Příspěvek od **dinospages** » 15 bře 2010 16:53

ajaj!

Máš pravdu. po restartu mi to opět hodilo stejnou hlášku na trojského koně:

sektor 63:

EB 52 90 4E 54 46 53 20 20 20 20 00 02 08 00 00 00 00 00 00 00 F8 00 00 3F 00 FF 00 3F 00 00 00 00 00 00 00 80 00 80 00 FF 13 A8 04 00 00 00 00 00 00 0C 00 00 00 00 00 3F 81 4A 00 00 00 00 00 F6 00 00 00 01 00 00 00 F2 C3 DE 04 04 DF 04 78 00 00 00 00 FA 33 C0 8E D0 BC 00 7C FB B8 C0 07 8E D8 E8 16 00 B8 00 0D 8E C0 33 DB C6 06 0E 00 10 E8 53 00 68 00 0D 68 6A 02 CB 8A 16 24 00 B4 08 CD 13 73 05 B9 FF FF 8A F1 66 0F B6 C6 40 66 0F B6 D1 80 E2 3F F7 E2 86 CD C0 ED 06 41 66 0F B7 C9 66 F7 E1 66 A3 20 00 C3 B4 41 BB AA 55 8A 16 24 00 CD 13 72 0F 81 FB 55 AA 75 09 F6 C1 01 74 04 FE 06 14 00 C3 66 60 1E 06 66 A1 10 00 66 03 06 1C 00 66 3B 06 20 00 0F 82 3A 00 1E 66 6A 00 66 50 06 53 66 68 10 00 01 00 80 3E 14 00 00 0F 85 0C 00 E8 B3 FF 80 3E 14 00 00 0F 84 61 00 B4 42 8A 16 24 00 16 1F 8B F4 CD 13 66 58 5B 07 66 58 66 58 1F EB 2D 66 33 D2 66 0F B7 0E 18 00 66 F7 F1 FE C2 8A CA 66 8B D0 66 C1 EA 10 F7 36 1A 00 86 D6 8A 16 24 00 8A E8 C0 E4 06 0A CC B8 01 02 CD 13 0F 82 19 00 8C C0 05 20 00 8E C0 66 FF 06 10 00 FF 0E 0E 00 0F 85 6F FF 07 1F 66 61 C3 A0 F8 01 E8 09 00 A0 FB 01 E8 03 00 FB EB FE B4 01 8B F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3 0D 0A 43 68 79 62 61 20 9F 74 65 6E A1 20 64 69 73 6B 75 00 0D 0A 4E 54 4C 44 52 20 6E 65 6E 61 6C 65 7A 65 6E 00 0D 0A 4E 54 4C 44 52 20 6B 6F 6D 70 72 69 6D 6F 76 A0 6E 2E 00 0D 0A 52 65 73 74 61 72 74 75 6A 74 65 20 73 74 69 73 6B 6E 75 74 A1 6D 20 6B 6C A0 76 65 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 2E 0D 0A 00 00 00 00 00 00 00 00 00 00 00 83 97 A9 BE 00 00 55 AA

sektor 64:

05 00 4E 00 54 00 4C 00 44 00 52 00 04 00 24 00 49 00 33 00 30 00 00 E0 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EB 12 90 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8C C8 8E D8 C1 E0 04 FA 8B E0 FB E8 03 FE 66 0F B7 06 0B 00 66 0F B6 1E 0D 00 66 F7 E3 66 A3 4E 02 66 8B 0E 40 00 80 F9 00 0F 8F 0E 00 F6 D9 66 B8 01 00 00 00 66 D3 E0 EB 08 90 66 A1 4E 02 66 F7 E1 66 A3 52 02 66 0F B7 1E 0B 00 66 33 D2 66 F7 F3 66 A3 56 02 E8 71 04 66 8B 0E 4A 02 66 89 0E 22 02 66 03 0E 52 02 66 89 0E 26 02 66 03 0E 52 02 66 89 0E 2A 02 66 03 0E 52 02 66 89 0E 3A 02 66 03 0E 52 02 66 89 0E 42 02 66 B8 90 00 00 00 66 8B 0E 22 02 E8 5F 09 66 0B C0 0F 84 57 FE 66 A3 2E 02 66 B8 A0 00 00 00 66 8B 0E 26 02 E8 46 09 66 A3 32 02 66 B8 B0 00 00 00 66 8B 0E 2A 02 E8 34 09 66 A3 36 02 66 A1 2E 02 66 0B C0 0F 84 24 FE 67 80 78 08 00 0F 85 1B FE 67 66 8D 50 10 67 03 42 04 67 66 0F B6 48 0C 66 89 0E 62 02 67 66 8B 48 08 66 89 0E 5E 02 66 A1 5E 02 66 0F B7 0E 0B 00 66 33 D2 66 F7 F1 66 A3 66 02 66 A1 42 02 66 03 06 5E 02 66 A3 46 02 66 83 3E 32 02 00 0F 84 1D 00 66 83 3E 36 02 00 0F 84 C8 FD 66 8B 1E 36 02 1E 07 66 8B 3E 46 02 66 A1 2A 02 E8 BC 01 66 0F B7 0E 00 02 66 B8 02 02 00 00 E8 FE 07 66 0B C0 0F 84 A8 09 67 66 8B 00 1E 07 66 8B 3E 3A 02 E8 31 06 66 A1 3A 02 66 BB 20 00 00 00 66 B9 00 00 00 00 66 BA 00 00 00 00 E8 D6 00 66 85 C0 0F 85 23 00 66 A1 3A 02 66 BB 80 00 00 00 66 B9 00 00 00 00

V sektoru 64 je to napsáno jako N.T.L.D.R.

Mám opět vynulovat sektory?

dinospages · #7 Příspěvek od **dinospages** » 15 bře 2010 17:15

Ok chápu.

Tak 62 vyčištěna.

Ale nastal jinej problém, jelikož jsem zálohoval před formátováním data na externí HDD, tak zřejmě napadl vir i tento disk, při opětovném připojení přes USB mi píše že je napaden:
E:\autorun.inf - INF/Conficker červ
a druhý soubor:

E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx - Win32/Conficker.AA červ

i po karanténě a odstranění se stále vrací při dalším připojení disku.

dinospages · #8 Příspěvek od **dinospages** » 15 bře 2010 17:39

LOG Z Combofixu:

aComboFix 10-03-14.06 - Martin 15.03.2010 17:27:45.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1522 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\windows\system32\Cache
c:\windows\system32\ddCCsqrk.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\setup.ini
E:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-15 do 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-15 16:22 . 2010-03-15 16:22 390144 ----a-w- c:\windows\system32\CF19133.exe
2010-03-15 14:38 . 2010-03-15 14:38 -------- d-----w- c:\program files\HxD
2010-03-15 13:51 . 2010-03-15 13:51 77312 ----a-w- C:\mbr.exe
2010-03-15 13:23 . 2010-03-15 13:24 -------- d-----w- c:\program files\VirtualDJ
2010-03-15 13:15 . 2010-03-15 13:18 2401 ----a-w- c:\windows\system32\khfGyaAs.dll
2010-03-15 11:55 . 2010-03-15 11:55 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-03-15 11:55 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-15 11:55 . 2010-03-15 11:55 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-03-15 11:54 . 2010-03-15 11:54 -------- d-----w- ca\program files\Common Files\Wise Installation Wizard
2010-03-15 11:50 . 2005-09-19 15:44 65536 ----a-w- c:\windows\system32\SafeQUI.dll
2010-03-15 11:50 . 2005-09-19 15:19 102400 ----a-w- c:\windows\system32\SafeQ.dll
2010-03-15 11:50 . 2004-05-04 17:42 548864 ----a-w- c:\windows\system32\ChilkatSSL.dll
2010-03-15 11:50 . 2005-06-23 19:04 99656 ----a-w- c:\windows\system32\KMPJLMN.DLL
2010-03-15 11:50 . 2005-06-23 19:04 503808 ----a-w- c:\windows\system32\KCINST32.DLL
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\UC.PIF
2010-03-15 11:49 . 2010-03-15 11:49 -------- d-----w- C:\totalcmd
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\RAR.PIF
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\LHA.PIF
2010-03-15 11:49 . 2009-09-09 06:50 545 ----a-w- c:\windows\ARJ.PIF
2010-03-15 11:33 . 2010-03-15 11:33 -------- d-----w- c:\program files\QIP
2010-03-15 11:33 . 2010-03-15 11:33 -------- d-----w- c:\program files\Common Files\Java
2010-03-15 11:32 . 2010-03-15 11:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 11:32 . 2010-03-15 11:32 -------- d-----w- c:\program files\Java
2010-03-15 11:21 . 2010-03-15 11:26 -------- d-----w- c:\program files\trend micro
2010-03-15 11:21 . 2010-03-15 11:22 -------- d-----w- C:\rsit
2010-03-15 11:05 . 2010-03-15 11:05 -------- d-----w- c:\program files\Winamp3
2010-03-15 11:05 . 2010-03-15 11:05 -------- d-----w- c:\program files\Ozone
2010-03-15 11:04 . 2004-03-22 14:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-03-15 11:04 . 2004-03-22 14:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2010-03-15 11:03 . 2010-03-15 11:03 -------- d-----w- c:\program files\Microsoft.NET
2010-03-15 11:02 . 2010-03-15 11:02 -------- d-----w- c:\program files\Microsoft Works
2010-03-15 11:01 . 2010-03-15 11:03 -------- d-----w- c:\windows\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 15:37 . 2010-03-15 09:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 15:37 . 2010-03-15 09:37 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-15 15:31 . 2010-03-15 09:38 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-15 11:05 . 2010-03-15 10:43 -------- d-----w- c:\program files\Winamp
2010-03-15 10:54 . 2001-10-25 14:00 56170 ----a-w- c:\windows\system32\perfc005.dat
2010-03-15 10:54 . 2001-10-25 14:00 345740 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 10:53 . 2010-03-15 10:53 -------- d-----w- c:\program files\sdc230
2010-03-15 10:52 . 2010-03-15 10:44 -------- d-----w- c:\program files\The KMPlayer
2010-03-15 10:49 . 2010-03-15 10:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-15 10:45 . 2010-03-15 10:45 -------- d-----w- c:\program files\uTorrent
2010-03-15 10:39 . 2010-03-15 10:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 10:34 . 2010-03-15 10:34 -------- d-----w- c:\program files\Opera
2010-03-15 10:14 . 2010-03-15 10:14 -------- d-----w- c:\program files\Synaptics
2010-03-15 10:12 . 2010-03-15 10:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-15 10:11 . 2010-03-15 10:11 -------- d-----w- c:\program files\Intel
2010-03-15 10:10 . 2010-03-15 10:08 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-15 10:09 . 2010-03-15 10:09 -------- d-----w- c:\program files\CONEXANT
2010-03-15 09:51 . 2010-03-15 09:51 -------- d-----w- c:\program files\ESET
2010-03-15 09:39 . 2010-03-15 09:39 -------- d-----w- c:\program files\microsoft frontpage
2010-03-15 09:34 . 2010-03-15 09:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\sdc230\\sdc230\\StrongDC.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 15:21 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.4.2009 15:19 731840]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 17:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-15 17:36:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-15 16:36

Před spuštěním: Volných bajtů: 25 096 089 600
Po spuštění: Volných bajtů: 25 121 165 312

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 429A8267859FE3E30206BC46463EFD8D

Nevím kde jsem k havěti přišel. jsem na VŠ na kolejích, na podezřelé weby nelezu..všechen "potřebný materiál" mám na kolejním DC..

dinospages · #9 Příspěvek od **dinospages** » 15 bře 2010 17:56

¨LOG:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x04A8143F !

dinospages · #10 Příspěvek od **dinospages** » 15 bře 2010 18:40

NOD našel 3 soubory a 2 opravil - vymazal. jeden ale stálke zůstává - opět trojan na disku NTB. Externí HDD je již zřejmě bez virů

LOG z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-03-15 18:38:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (63%) free of 38 GB
Total RAM: 2038 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:43, on 15.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4029 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-06-01 192512]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-04 708698]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\sdc230\sdc230\StrongDC.exe"="C:\Program Files\sdc230\sdc230\StrongDC.exe:*:Enabled:StrongDC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-15 17:36:33 ----A---- C:\ComboFix.txt
2010-03-15 17:27:04 ----A---- C:\Boot.bak
2010-03-15 17:26:58 ----RASHD---- C:\cmdcons
2010-03-15 17:25:50 ----A---- C:\WINDOWS\zip.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\SWSC.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\SWREG.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\sed.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\PEV.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\MBR.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\grep.exe
2010-03-15 17:22:53 ----D---- C:\WINDOWS\ERDNT
2010-03-15 17:22:43 ----A---- C:\WINDOWS\system32\CF19133.exe
2010-03-15 17:22:27 ----AD---- C:\Qoobox
2010-03-15 15:38:36 ----D---- C:\Program Files\HxD
2010-03-15 15:37:06 ----D---- C:\Documents and Settings\Martin\Data aplikací\Mael
2010-03-15 14:51:37 ----A---- C:\mbr.exe
2010-03-15 14:23:40 ----D---- C:\Program Files\VirtualDJ
2010-03-15 14:15:21 ----A---- C:\WINDOWS\system32\khfGyaAs.dll
2010-03-15 12:55:27 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-03-15 12:55:21 ----D---- C:\Documents and Settings\Martin\Data aplikací\TuneUp Software
2010-03-15 12:55:18 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-03-15 12:55:17 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-03-15 12:55:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-03-15 12:55:00 ----D---- C:\Program Files\TuneUp Utilities 2008
2010-03-15 12:54:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-15 12:50:39 ----A---- C:\WINDOWS\system32\SafeQUI.dll
2010-03-15 12:50:39 ----A---- C:\WINDOWS\system32\SafeQ.dll
2010-03-15 12:50:39 ----A---- C:\WINDOWS\system32\ChilkatSSL.dll
2010-03-15 12:50:32 ----D---- C:\Documents and Settings\Martin\Data aplikací\VitySoft
2010-03-15 12:50:26 ----A---- C:\WINDOWS\system32\KMPJLMN.DLL
2010-03-15 12:50:26 ----A---- C:\WINDOWS\system32\KCINST32.DLL
2010-03-15 12:49:08 ----D---- C:\totalcmd
2010-03-15 12:49:08 ----D---- C:\Documents and Settings\Martin\Data aplikací\GHISLER
2010-03-15 12:33:31 ----D---- C:\Program Files\QIP
2010-03-15 12:33:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-15 12:33:27 ----D---- C:\Program Files\Common Files\Java
2010-03-15 12:32:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-15 12:32:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-15 12:32:56 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-15 12:32:56 ----A---- C:\WINDOWS\system32\java.exe
2010-03-15 12:32:38 ----D---- C:\Program Files\Java
2010-03-15 12:32:10 ----D---- C:\Documents and Settings\Martin\Data aplikací\Sun
2010-03-15 12:21:56 ----D---- C:\Program Files\trend micro
2010-03-15 12:21:55 ----D---- C:\rsit
2010-03-15 12:05:33 ----D---- C:\Program Files\Winamp3
2010-03-15 12:05:32 ----D---- C:\Program Files\Ozone
2010-03-15 12:04:55 ----A---- C:\WINDOWS\ODBC.INI
2010-03-15 12:04:45 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-03-15 12:04:31 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-15 12:03:23 ----D---- C:\Program Files\Microsoft.NET
2010-03-15 12:02:12 ----D---- C:\Program Files\Common Files\DESIGNER
2010-03-15 12:02:03 ----D---- C:\Program Files\Microsoft Works
2010-03-15 12:01:47 ----D---- C:\Program Files\Microsoft Visual Studio
2010-03-15 12:01:14 ----D---- C:\WINDOWS\SHELLNEW
2010-03-15 12:00:58 ----D---- C:\Program Files\Microsoft Office
2010-03-15 11:53:46 ----D---- C:\Program Files\sdc230
2010-03-15 11:49:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-03-15 11:48:32 ----D---- C:\Documents and Settings\Martin\Data aplikací\DAEMON Tools Lite
2010-03-15 11:48:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-03-15 11:45:31 ----D---- C:\Program Files\uTorrent
2010-03-15 11:45:23 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-03-15 11:45:23 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-03-15 11:45:16 ----D---- C:\WINDOWS\Logs
2010-03-15 11:44:54 ----D---- C:\Documents and Settings\Martin\Data aplikací\uTorrent
2010-03-15 11:44:14 ----D---- C:\Program Files\The KMPlayer
2010-03-15 11:43:34 ----D---- C:\WINDOWS\RegisteredPackages
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\vxblock.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxwave.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxsfs.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxmas.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxdrv.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxafs.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\px.dll
2010-03-15 11:43:05 ----D---- C:\Program Files\Winamp
2010-03-15 11:43:05 ----D---- C:\Documents and Settings\Martin\Data aplikací\Winamp
2010-03-15 11:39:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-15 11:39:27 ----D---- C:\Program Files\Common Files\Adobe
2010-03-15 11:39:27 ----D---- C:\Program Files\Adobe
2010-03-15 11:38:02 ----D---- C:\WINDOWS\system32\Adobe
2010-03-15 11:35:48 ----D---- C:\Documents and Settings\Martin\Data aplikací\Macromedia
2010-03-15 11:35:48 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2010-03-15 11:34:53 ----D---- C:\Documents and Settings\Martin\Data aplikací\Opera
2010-03-15 11:34:40 ----D---- C:\Program Files\Opera
2010-03-15 11:30:59 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-15 11:27:49 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-15 11:26:23 ----SHD---- C:\WINDOWS\Installer
2010-03-15 11:26:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-15 11:26:22 ----D---- C:\Program Files\Common Files\ODBC
2010-03-15 11:26:22 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-15 11:26:17 ----RD---- C:\Program Files
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files
2010-03-15 11:26:14 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-15 11:26:13 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-15 11:26:13 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-15 11:26:04 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-15 11:26:04 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-15 11:26:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-15 11:26:01 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-15 11:26:01 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-15 11:26:00 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-03-15 11:25:59 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-15 11:25:49 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-15 11:25:46 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-15 11:25:42 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-15 11:25:40 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-15 11:25:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 11:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-15 11:25:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-15 11:24:55 ----D---- C:\Documents and Settings
2010-03-15 11:24:54 ----SHD---- C:\System Volume Information
2010-03-15 11:23:51 ----RASH---- C:\boot.ini
2010-03-15 11:18:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 11:18:40 ----RSD---- C:\WINDOWS\Fonts
2010-03-15 11:18:40 ----RD---- C:\WINDOWS\Web
2010-03-15 11:18:40 ----HD---- C:\WINDOWS\inf
2010-03-15 11:18:40 ----D---- C:\WINDOWS\WinSxS
2010-03-15 11:18:40 ----D---- C:\WINDOWS\twain_32
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Temp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\wins
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\wbem
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\usmt
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\spool
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\Setup
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ras
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\oobe
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\npp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\mui
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\IME
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\icsxml
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ias
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\export
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\drivers
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\dhcp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\cs
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\config
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\3076
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\2052
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1054
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1042
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1041
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1037
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1033
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1031
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1029
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1028
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1025
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system
2010-03-15 11:18:40 ----D---- C:\WINDOWS\security
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Resources
2010-03-15 11:18:40 ----D---- C:\WINDOWS\repair
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Provisioning
2010-03-15 11:18:40 ----D---- C:\WINDOWS\pchealth
2010-03-15 11:18:40 ----D---- C:\WINDOWS\PeerNet
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Network Diagnostic
2010-03-15 11:18:40 ----D---- C:\WINDOWS\mui
2010-03-15 11:18:40 ----D---- C:\WINDOWS\msapps
2010-03-15 11:18:40 ----D---- C:\WINDOWS\msagent
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Media
2010-03-15 11:18:40 ----D---- C:\WINDOWS\L2Schemas
2010-03-15 11:18:40 ----D---- C:\WINDOWS\java
2010-03-15 11:18:40 ----D---- C:\WINDOWS\ime
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Help
2010-03-15 11:18:40 ----D---- C:\WINDOWS\ehome
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Driver Cache
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Debug
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Cursors
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Connection Wizard
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Config
2010-03-15 11:18:40 ----D---- C:\WINDOWS\AppPatch
2010-03-15 11:18:40 ----D---- C:\WINDOWS\addins
2010-03-15 11:18:40 ----D---- C:\WINDOWS
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2010-03-15 11:14:05 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2010-03-15 11:14:04 ----A---- C:\WINDOWS\system32\SynCOM.dll
2010-03-15 11:14:02 ----D---- C:\Program Files\Synaptics
2010-03-15 11:13:02 ----RA---- C:\WINDOWS\system32\igfxres.dll
2010-03-15 11:12:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-15 11:12:45 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-03-15 11:12:45 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-03-15 11:12:44 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-03-15 11:12:43 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-03-15 11:12:41 ----N---- C:\WINDOWS\alcupd.exe
2010-03-15 11:12:41 ----N---- C:\WINDOWS\alcrmv.exe
2010-03-15 11:12:37 ----N---- C:\WINDOWS\RtlExUpd.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmrem.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmgicd.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmgdev.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\iAlmCoIn_v4020.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxress.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxhk.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxext.exe
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\oemdspif.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxeud.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdiag.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdgps.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmrnt5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdnt5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdev5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdd5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\hccutils.dll
2010-03-15 11:11:31 ----D---- C:\Program Files\Intel
2010-03-15 11:10:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-15 11:09:44 ----D---- C:\Program Files\CONEXANT
2010-03-15 11:09:37 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2010-03-15 11:09:37 ----A---- C:\WINDOWS\system32\hsfci012.dll
2010-03-15 11:09:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-15 11:09:10 ----D---- C:\Acer
2010-03-15 11:09:10 ----A---- C:\WINDOWS\system32\Epm-Po.dll
2010-03-15 11:08:52 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-15 11:07:34 ----D---- C:\Documents and Settings\Martin\Data aplikací\WinRAR
2010-03-15 10:55:18 ----D---- C:\Program Files\WinRAR
2010-03-15 10:51:07 ----D---- C:\Program Files\ESET
2010-03-15 10:51:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-15 10:44:34 ----D---- C:\Documents and Settings\Martin\Data aplikací\Identities
2010-03-15 10:44:31 ----HD---- C:\Program Files\Uninstall Information
2010-03-15 10:44:24 ----ASH---- C:\Documents and Settings\Martin\Data aplikací\desktop.ini
2010-03-15 10:44:23 ----SD---- C:\Documents and Settings\Martin\Data aplikací\Microsoft
2010-03-15 10:43:20 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-15 10:43:20 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2010-03-15 10:43:16 ----D---- C:\WINDOWS\Prefetch
2010-03-15 10:43:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-15 10:39:19 ----D---- C:\WINDOWS\system32\xircom
2010-03-15 10:39:19 ----D---- C:\Program Files\xerox
2010-03-15 10:39:19 ----D---- C:\Program Files\microsoft frontpage
2010-03-15 10:38:57 ----A---- C:\WINDOWS\control.ini
2010-03-15 10:38:57 ----A---- C:\AUTOEXEC.BAT
2010-03-15 10:38:38 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-15 10:38:34 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-15 10:37:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-15 10:37:28 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-15 10:37:28 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-15 10:37:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-15 10:37:14 ----HD---- C:\Program Files\WindowsUpdate
2010-03-15 10:37:09 ----D---- C:\Program Files\Online Services
2010-03-15 10:36:50 ----D---- C:\WINDOWS\system32\DirectX
2010-03-15 10:36:44 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-15 10:36:41 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-15 10:36:41 ----A---- C:\WINDOWS\desktop.ini
2010-03-15 10:36:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-15 10:36:33 ----D---- C:\Program Files\Common Files\Services
2010-03-15 10:36:33 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-15 10:36:30 ----SD---- C:\WINDOWS\Tasks
2010-03-15 10:36:30 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-15 10:36:29 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-15 10:36:25 ----D---- C:\WINDOWS\srchasst
2010-03-15 10:36:23 ----D---- C:\WINDOWS\system32\Macromed
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-15 10:36:19 ----N---- C:\WINDOWS\system32\wuauclt.exe
2010-03-15 10:36:19 ----N---- C:\WINDOWS\system32\qmgr.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-15 10:36:14 ----D---- C:\Program Files\Movie Maker
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-15 10:35:51 ----N---- C:\WINDOWS\system32\srsvc.dll
2010-03-15 10:35:51 ----D---- C:\WINDOWS\system32\Restore
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-15 10:35:47 ----D---- C:\Program Files\NetMeeting
2010-03-15 10:35:47 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-15 10:35:46 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-15 10:35:46 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-15 10:35:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-15 10:35:43 ----N---- C:\WINDOWS\system32\schedsvc.dll
2010-03-15 10:35:43 ----D---- C:\Program Files\Outlook Express
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-15 10:35:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-15 10:35:35 ----D---- C:\Program Files\Common Files\System
2010-03-15 10:35:31 ----D---- C:\Program Files\Internet Explorer
2010-03-15 10:34:26 ----D---- C:\Program Files\ComPlus Applications
2010-03-15 10:34:24 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-15 10:34:24 ----A---- C:\WINDOWS\vb.ini
2010-03-15 10:34:18 ----D---- C:\WINDOWS\Registration
2010-03-15 10:34:08 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-15 10:34:04 ----D---- C:\Program Files\Windows Media Player
2010-03-15 10:33:55 ----D---- C:\Program Files\Messenger
2010-03-15 10:33:51 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\w3svapi.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\iisrstap.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\iisreset.exe
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\axperf.ini
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\aspperf.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\wamregps.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\infoctrs.ini
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\infoctrs.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\inetsloc.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\iismui.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\convlog.exe
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\admxprox.dll
2010-03-15 10:33:44 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-15 10:33:44 ----A---- C:\WINDOWS\system32\write.exe
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-15 10:33:33 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-15 10:33:27 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-15 10:33:18 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-15 10:33:15 ----A---- C:\WINDOWS\system32\smtpapi.dll
2010-03-15 10:33:15 ----A---- C:\WINDOWS\system32\rwnh.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\infoadmn.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\iismap.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\iisext.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\adsiis.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\iisRtl.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\exstrace.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\admwprox.dll
2010-03-15 10:33:11 ----A---- C:\WINDOWS\system32\staxmem.dll
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-15 10:33:09 ----D---- C:\Program Files\Windows NT
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-15 10:33:08 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-15 10:33:05 ----N---- C:\WINDOWS\system32\termsrv.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-15 10:33:04 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-15 10:33:02 ----D---- C:\WINDOWS\system32\Com
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-15 10:32:59 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-15 10:32:51 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-15 10:32:46 ----D---- C:\Inetpub
2010-03-15 10:32:45 ----D---- C:\WINDOWS\system32\Logfiles

======List of files/folders modified in the last 1 months======

2010-03-15 17:34:13 ----A---- C:\WINDOWS\system.ini
2010-03-15 12:04:28 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-04 193216]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-03-15 306432]

-----------------EOF-----------------

dinospages · #11 Příspěvek od **dinospages** » 15 bře 2010 19:07

TOTO je log z NODu zkopíroval jsem pouze info o zasažených souborech:

Testované disky, adresáře a soubory: Paměť;C:\Boot sektor;C:\;E:\Boot sektor;E:\
MBR sektor 1. fyzického disku - Win32/Mebroot.K trojský kůň - výběr akce byl odložen na konec skenování
C:\hiberfil.sys - chyba při otevírání [4]
C:\pagefile.sys - chyba při otevírání [4]

dinospages · #12 Příspěvek od **dinospages** » 15 bře 2010 19:31

0 sektor E:

FA 33 DB 8E D3 36 89 26 FE 7B BC FE 7B 1E 66 60 FC 8E DB BE 13 04 83 2C 02 AD C1 E0 06 8E C0 BE 00 7C 33 FF B9 00 01 F3 A5 B8 02 02 B1 3D BA 80 00 8B DF CD 13 33 DB 90 90 90 90 66 8B 47 4C C7 47 4C 6A 00 66 26 A3 77 00 8C 47 4E 06 68 51 00 CB FB 8E C3 B8 01 02 B9 3F 00 BA 80 00 B7 7C CD 13 66 61 1F 5C EA 00 7C 00 00 9C 80 FC 42 74 0B 80 FC 02 74 06 9D EA 00 00 00 00 2E 88 26 94 00 9D 9C 2E FF 1E 77 00 0F 82 9E 00 9C FA 06 66 60 FC B4 00 B5 00 80 FD 42 75 04 AD AD C4 1C 85 C0 75 01 40 8B C8 C1 E1 09 B0 8B 8B FB 60 F2 AE 75 48 90 66 26 81 3D F0 85 F6 74 75 F1 26 81 7D 05 80 3D 75 E9 26 8A 45 04 3C 21 74 04 3C 22 75 DD BE 0B 02 2E 80 3C 00 75 20 2E 88 04 26 C7 45 FF FF 15 66 8C C8 66 C1 E0 04 05 00 02 66 2E A3 FC 01 2D 04 00 66 26 89 45 01 61 B0 83 F2 AE 75 25 66 26 81 3D C4 02 E9 00 75 F2 66 26 81 7D 04 00 E9 FD FF 75 E7 66 26 C7 45 FC 90 90 90 83 26 83 65 06 00 EB D7 66 61 07 9D CA 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 44 63 05 92 77 8F 16 C8 00 01 01 00 07 FE FF FF 3F 00 00 00 82 E4 50 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

MBR -t:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x04A8143F !

LOG z GMER:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-03-15 19:31:28
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 895F9630 ZwAssignProcessToJobObject
SSDT 895F8A60 ZwOpenProcess
SSDT 895F8E80 ZwOpenThread
SSDT 895F9460 ZwSuspendProcess
SSDT 895F9280 ZwSuspendThread
SSDT 895F8C90 ZwTerminateProcess
SSDT 895F90B0 ZwTerminateThread

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 895F7790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x4F 0x92 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x4F 0x92 0x7A ...

---- EOF - GMER 1.0.15 ----

dinospages · #13 Příspěvek od **dinospages** » 15 bře 2010 20:32

LOG z MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x04A8143F !

LOG z GMER - pouze disk E

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-03-15 20:14:44
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 895F9630 ZwAssignProcessToJobObject
SSDT 895F8A60 ZwOpenProcess
SSDT 895F8E80 ZwOpenThread
SSDT 895F9460 ZwSuspendProcess
SSDT 895F9280 ZwSuspendThread
SSDT 895F8C90 ZwTerminateProcess
SSDT 895F90B0 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Martin\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 895F7790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x4F 0x92 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x4F 0x92 0x7A ...

---- EOF - GMER 1.0.15 ----

dinospages · #14 Příspěvek od **dinospages** » 15 bře 2010 20:57

MBR sektor 1. fyzického disku - Win32/Mebroot.K trojský kůň - výběr akce byl odložen na konec skenování

stále kvoká...stále kvoká..

disk E je již asi vyléčen.

dinospages · #15 Příspěvek od **dinospages** » 15 bře 2010 21:21

log z mbr -t:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x04A8143F !

Scan z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-03-15 21:20:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (63%) free of 38 GB
Total RAM: 2038 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:27, on 15.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4066 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-06-01 192512]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-04 708698]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\sdc230\sdc230\StrongDC.exe"="C:\Program Files\sdc230\sdc230\StrongDC.exe:*:Enabled:StrongDC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-15 20:09:40 ----A---- C:\MbrFix64.exe
2010-03-15 20:09:40 ----A---- C:\MbrFix.exe
2010-03-15 19:13:59 ----SHD---- C:\RECYCLER
2010-03-15 17:36:33 ----A---- C:\ComboFix.txt
2010-03-15 17:27:04 ----A---- C:\Boot.bak
2010-03-15 17:26:58 ----RASHD---- C:\cmdcons
2010-03-15 17:25:50 ----A---- C:\WINDOWS\zip.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\SWSC.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\SWREG.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\sed.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\PEV.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\MBR.exe
2010-03-15 17:25:50 ----A---- C:\WINDOWS\grep.exe
2010-03-15 17:22:53 ----D---- C:\WINDOWS\ERDNT
2010-03-15 17:22:43 ----A---- C:\WINDOWS\system32\CF19133.exe
2010-03-15 17:22:27 ----AD---- C:\Qoobox
2010-03-15 15:38:36 ----D---- C:\Program Files\HxD
2010-03-15 15:37:06 ----D---- C:\Documents and Settings\Martin\Data aplikací\Mael
2010-03-15 14:51:37 ----A---- C:\mbr.exe
2010-03-15 14:23:40 ----D---- C:\Program Files\VirtualDJ
2010-03-15 14:15:21 ----A---- C:\WINDOWS\system32\khfGyaAs.dll
2010-03-15 12:55:27 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-03-15 12:55:21 ----D---- C:\Documents and Settings\Martin\Data aplikací\TuneUp Software
2010-03-15 12:55:18 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-03-15 12:55:17 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-03-15 12:55:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-03-15 12:55:00 ----D---- C:\Program Files\TuneUp Utilities 2008
2010-03-15 12:54:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-15 12:50:39 ----A---- C:\WINDOWS\system32\SafeQUI.dll
2010-03-15 12:50:39 ----A---- C:\WINDOWS\system32\SafeQ.dll
2010-03-15 12:50:39 ----A---- C:\WINDOWS\system32\ChilkatSSL.dll
2010-03-15 12:50:32 ----D---- C:\Documents and Settings\Martin\Data aplikací\VitySoft
2010-03-15 12:50:26 ----A---- C:\WINDOWS\system32\KMPJLMN.DLL
2010-03-15 12:50:26 ----A---- C:\WINDOWS\system32\KCINST32.DLL
2010-03-15 12:49:08 ----D---- C:\totalcmd
2010-03-15 12:49:08 ----D---- C:\Documents and Settings\Martin\Data aplikací\GHISLER
2010-03-15 12:33:31 ----D---- C:\Program Files\QIP
2010-03-15 12:33:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-15 12:33:27 ----D---- C:\Program Files\Common Files\Java
2010-03-15 12:32:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-15 12:32:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-15 12:32:56 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-15 12:32:56 ----A---- C:\WINDOWS\system32\java.exe
2010-03-15 12:32:38 ----D---- C:\Program Files\Java
2010-03-15 12:32:10 ----D---- C:\Documents and Settings\Martin\Data aplikací\Sun
2010-03-15 12:21:56 ----D---- C:\Program Files\trend micro
2010-03-15 12:21:55 ----D---- C:\rsit
2010-03-15 12:05:33 ----D---- C:\Program Files\Winamp3
2010-03-15 12:05:32 ----D---- C:\Program Files\Ozone
2010-03-15 12:04:55 ----A---- C:\WINDOWS\ODBC.INI
2010-03-15 12:04:45 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-03-15 12:04:31 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-15 12:03:23 ----D---- C:\Program Files\Microsoft.NET
2010-03-15 12:02:12 ----D---- C:\Program Files\Common Files\DESIGNER
2010-03-15 12:02:03 ----D---- C:\Program Files\Microsoft Works
2010-03-15 12:01:47 ----D---- C:\Program Files\Microsoft Visual Studio
2010-03-15 12:01:14 ----D---- C:\WINDOWS\SHELLNEW
2010-03-15 12:00:58 ----D---- C:\Program Files\Microsoft Office
2010-03-15 11:53:46 ----D---- C:\Program Files\sdc230
2010-03-15 11:49:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-03-15 11:48:32 ----D---- C:\Documents and Settings\Martin\Data aplikací\DAEMON Tools Lite
2010-03-15 11:48:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-03-15 11:45:31 ----D---- C:\Program Files\uTorrent
2010-03-15 11:45:23 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-03-15 11:45:23 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-03-15 11:45:16 ----D---- C:\WINDOWS\Logs
2010-03-15 11:44:54 ----D---- C:\Documents and Settings\Martin\Data aplikací\uTorrent
2010-03-15 11:44:14 ----D---- C:\Program Files\The KMPlayer
2010-03-15 11:43:34 ----D---- C:\WINDOWS\RegisteredPackages
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\vxblock.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxwave.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxsfs.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxmas.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxdrv.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\pxafs.dll
2010-03-15 11:43:07 ----A---- C:\WINDOWS\system32\px.dll
2010-03-15 11:43:05 ----D---- C:\Program Files\Winamp
2010-03-15 11:43:05 ----D---- C:\Documents and Settings\Martin\Data aplikací\Winamp
2010-03-15 11:39:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-15 11:39:27 ----D---- C:\Program Files\Common Files\Adobe
2010-03-15 11:39:27 ----D---- C:\Program Files\Adobe
2010-03-15 11:38:02 ----D---- C:\WINDOWS\system32\Adobe
2010-03-15 11:35:48 ----D---- C:\Documents and Settings\Martin\Data aplikací\Macromedia
2010-03-15 11:35:48 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2010-03-15 11:34:53 ----D---- C:\Documents and Settings\Martin\Data aplikací\Opera
2010-03-15 11:34:40 ----D---- C:\Program Files\Opera
2010-03-15 11:30:59 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-15 11:27:49 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-15 11:26:23 ----SHD---- C:\WINDOWS\Installer
2010-03-15 11:26:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-15 11:26:22 ----D---- C:\Program Files\Common Files\ODBC
2010-03-15 11:26:22 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-15 11:26:17 ----RD---- C:\Program Files
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-15 11:26:17 ----D---- C:\Program Files\Common Files
2010-03-15 11:26:14 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-15 11:26:13 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-15 11:26:13 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-15 11:26:12 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-15 11:26:10 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-15 11:26:09 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-03-15 11:26:05 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-15 11:26:04 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-15 11:26:04 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-15 11:26:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-15 11:26:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-15 11:26:01 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-15 11:26:01 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-15 11:26:00 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-03-15 11:25:59 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-15 11:25:49 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-15 11:25:46 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-15 11:25:42 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-15 11:25:40 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-15 11:25:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 11:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-15 11:25:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-15 11:24:55 ----D---- C:\Documents and Settings
2010-03-15 11:24:54 ----SHD---- C:\System Volume Information
2010-03-15 11:23:51 ----RASH---- C:\boot.ini
2010-03-15 11:18:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 11:18:40 ----RSD---- C:\WINDOWS\Fonts
2010-03-15 11:18:40 ----RD---- C:\WINDOWS\Web
2010-03-15 11:18:40 ----HD---- C:\WINDOWS\inf
2010-03-15 11:18:40 ----D---- C:\WINDOWS\WinSxS
2010-03-15 11:18:40 ----D---- C:\WINDOWS\twain_32
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Temp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\wins
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\wbem
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\usmt
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\spool
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\Setup
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ras
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\oobe
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\npp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\mui
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\IME
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\icsxml
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\ias
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\export
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\drivers
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\dhcp
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\cs
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\config
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\3076
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\2052
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1054
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1042
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1041
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1037
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1033
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1031
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1029
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1028
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32\1025
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system32
2010-03-15 11:18:40 ----D---- C:\WINDOWS\system
2010-03-15 11:18:40 ----D---- C:\WINDOWS\security
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Resources
2010-03-15 11:18:40 ----D---- C:\WINDOWS\repair
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Provisioning
2010-03-15 11:18:40 ----D---- C:\WINDOWS\pchealth
2010-03-15 11:18:40 ----D---- C:\WINDOWS\PeerNet
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Network Diagnostic
2010-03-15 11:18:40 ----D---- C:\WINDOWS\mui
2010-03-15 11:18:40 ----D---- C:\WINDOWS\msapps
2010-03-15 11:18:40 ----D---- C:\WINDOWS\msagent
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Media
2010-03-15 11:18:40 ----D---- C:\WINDOWS\L2Schemas
2010-03-15 11:18:40 ----D---- C:\WINDOWS\java
2010-03-15 11:18:40 ----D---- C:\WINDOWS\ime
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Help
2010-03-15 11:18:40 ----D---- C:\WINDOWS\ehome
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Driver Cache
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Debug
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Cursors
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Connection Wizard
2010-03-15 11:18:40 ----D---- C:\WINDOWS\Config
2010-03-15 11:18:40 ----D---- C:\WINDOWS\AppPatch
2010-03-15 11:18:40 ----D---- C:\WINDOWS\addins
2010-03-15 11:18:40 ----D---- C:\WINDOWS
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2010-03-15 11:14:06 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2010-03-15 11:14:05 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2010-03-15 11:14:04 ----A---- C:\WINDOWS\system32\SynCOM.dll
2010-03-15 11:14:02 ----D---- C:\Program Files\Synaptics
2010-03-15 11:13:02 ----RA---- C:\WINDOWS\system32\igfxres.dll
2010-03-15 11:12:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-15 11:12:45 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-03-15 11:12:45 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-03-15 11:12:44 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-03-15 11:12:43 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-03-15 11:12:41 ----N---- C:\WINDOWS\alcupd.exe
2010-03-15 11:12:41 ----N---- C:\WINDOWS\alcrmv.exe
2010-03-15 11:12:37 ----N---- C:\WINDOWS\RtlExUpd.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmrem.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmgicd.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\ialmgdev.dll
2010-03-15 11:11:46 ----RA---- C:\WINDOWS\system32\iAlmCoIn_v4020.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxress.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxhk.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxext.exe
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2010-03-15 11:11:45 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\oemdspif.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxeud.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdiag.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdgps.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmrnt5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdnt5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdev5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\ialmdd5.dll
2010-03-15 11:11:44 ----RA---- C:\WINDOWS\system32\hccutils.dll
2010-03-15 11:11:31 ----D---- C:\Program Files\Intel
2010-03-15 11:10:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-15 11:09:44 ----D---- C:\Program Files\CONEXANT
2010-03-15 11:09:37 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2010-03-15 11:09:37 ----A---- C:\WINDOWS\system32\hsfci012.dll
2010-03-15 11:09:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-15 11:09:10 ----D---- C:\Acer
2010-03-15 11:09:10 ----A---- C:\WINDOWS\system32\Epm-Po.dll
2010-03-15 11:08:52 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-15 11:07:34 ----D---- C:\Documents and Settings\Martin\Data aplikací\WinRAR
2010-03-15 10:55:18 ----D---- C:\Program Files\WinRAR
2010-03-15 10:51:07 ----D---- C:\Program Files\ESET
2010-03-15 10:51:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-15 10:44:34 ----D---- C:\Documents and Settings\Martin\Data aplikací\Identities
2010-03-15 10:44:31 ----HD---- C:\Program Files\Uninstall Information
2010-03-15 10:44:24 ----ASH---- C:\Documents and Settings\Martin\Data aplikací\desktop.ini
2010-03-15 10:44:23 ----SD---- C:\Documents and Settings\Martin\Data aplikací\Microsoft
2010-03-15 10:43:20 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-15 10:43:20 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2010-03-15 10:43:16 ----D---- C:\WINDOWS\Prefetch
2010-03-15 10:43:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-15 10:39:19 ----D---- C:\WINDOWS\system32\xircom
2010-03-15 10:39:19 ----D---- C:\Program Files\xerox
2010-03-15 10:39:19 ----D---- C:\Program Files\microsoft frontpage
2010-03-15 10:38:57 ----A---- C:\WINDOWS\control.ini
2010-03-15 10:38:57 ----A---- C:\AUTOEXEC.BAT
2010-03-15 10:38:38 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-15 10:38:34 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-15 10:37:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-15 10:37:28 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-15 10:37:28 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-15 10:37:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-15 10:37:14 ----HD---- C:\Program Files\WindowsUpdate
2010-03-15 10:37:09 ----D---- C:\Program Files\Online Services
2010-03-15 10:36:50 ----D---- C:\WINDOWS\system32\DirectX
2010-03-15 10:36:44 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-15 10:36:41 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-15 10:36:41 ----A---- C:\WINDOWS\desktop.ini
2010-03-15 10:36:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-15 10:36:33 ----D---- C:\Program Files\Common Files\Services
2010-03-15 10:36:33 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-15 10:36:30 ----SD---- C:\WINDOWS\Tasks
2010-03-15 10:36:30 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-15 10:36:29 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-15 10:36:25 ----D---- C:\WINDOWS\srchasst
2010-03-15 10:36:23 ----D---- C:\WINDOWS\system32\Macromed
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-15 10:36:20 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-15 10:36:19 ----N---- C:\WINDOWS\system32\wuauclt.exe
2010-03-15 10:36:19 ----N---- C:\WINDOWS\system32\qmgr.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-15 10:36:19 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-15 10:36:14 ----D---- C:\Program Files\Movie Maker
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-15 10:35:55 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-15 10:35:51 ----N---- C:\WINDOWS\system32\srsvc.dll
2010-03-15 10:35:51 ----D---- C:\WINDOWS\system32\Restore
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-03-15 10:35:51 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-15 10:35:50 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-15 10:35:49 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-15 10:35:47 ----D---- C:\Program Files\NetMeeting
2010-03-15 10:35:47 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-15 10:35:46 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-15 10:35:46 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-15 10:35:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-15 10:35:43 ----N---- C:\WINDOWS\system32\schedsvc.dll
2010-03-15 10:35:43 ----D---- C:\Program Files\Outlook Express
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-15 10:35:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-15 10:35:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-15 10:35:35 ----D---- C:\Program Files\Common Files\System
2010-03-15 10:35:31 ----D---- C:\Program Files\Internet Explorer
2010-03-15 10:34:26 ----D---- C:\Program Files\ComPlus Applications
2010-03-15 10:34:24 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-15 10:34:24 ----A---- C:\WINDOWS\vb.ini
2010-03-15 10:34:18 ----D---- C:\WINDOWS\Registration
2010-03-15 10:34:08 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-15 10:34:04 ----D---- C:\Program Files\Windows Media Player
2010-03-15 10:33:55 ----D---- C:\Program Files\Messenger
2010-03-15 10:33:51 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\w3svapi.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\iisrstap.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\iisreset.exe
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\axperf.ini
2010-03-15 10:33:50 ----A---- C:\WINDOWS\system32\aspperf.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\wamregps.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\infoctrs.ini
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\infoctrs.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\inetsloc.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\iismui.dll
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\convlog.exe
2010-03-15 10:33:49 ----A---- C:\WINDOWS\system32\admxprox.dll
2010-03-15 10:33:44 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-15 10:33:44 ----A---- C:\WINDOWS\system32\write.exe
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-15 10:33:34 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-15 10:33:33 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-15 10:33:27 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-15 10:33:26 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-15 10:33:25 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-15 10:33:24 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-15 10:33:18 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-15 10:33:15 ----A---- C:\WINDOWS\system32\smtpapi.dll
2010-03-15 10:33:15 ----A---- C:\WINDOWS\system32\rwnh.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\infoadmn.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\iismap.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\iisext.dll
2010-03-15 10:33:14 ----A---- C:\WINDOWS\system32\adsiis.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\iisRtl.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\exstrace.dll
2010-03-15 10:33:13 ----A---- C:\WINDOWS\system32\admwprox.dll
2010-03-15 10:33:11 ----A---- C:\WINDOWS\system32\staxmem.dll
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-15 10:33:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-15 10:33:09 ----D---- C:\Program Files\Windows NT
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-15 10:33:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-15 10:33:08 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-03-15 10:33:07 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-15 10:33:06 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-15 10:33:05 ----N---- C:\WINDOWS\system32\termsrv.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-15 10:33:05 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-15 10:33:04 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-15 10:33:04 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-15 10:33:03 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-15 10:33:02 ----D---- C:\WINDOWS\system32\Com
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-15 10:33:02 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-15 10:33:01 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-15 10:33:00 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-15 10:32:59 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-15 10:32:52 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-15 10:32:51 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-15 10:32:46 ----D---- C:\Inetpub
2010-03-15 10:32:45 ----D---- C:\WINDOWS\system32\Logfiles

======List of files/folders modified in the last 1 months======

2010-03-15 17:34:13 ----A---- C:\WINDOWS\system.ini
2010-03-15 12:04:28 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-04 193216]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\mbr.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-03-15 306432]

-----------------EOF-----------------

Jdu psát ESETu

Zatím děkuji za snahu a přeji dobrou noc

VIRY.CZ

Vir v MBR sektoru - nejde odstranit

Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit

Re: Vir v MBR sektoru - nejde odstranit