Some spyware on my PC, please help (Solved)


Post by bluu » 01 Sep 2009 16:43

Hi, for the last few days my computer has been slowing down. I read about Mwaw, so I installed it and it found this:

Invalid Entry DllName = appmgmts.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Action Taken: Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}.
Object "Xitram Worm" found in File System! Action Taken: No Action Taken.
Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU.SaveNow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "XP Police Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "WhenU.SaveNow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "XP Police Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "WhenU.SaveNow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "XP Police Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CDO.Address" refers to invalid object "{6BDCDDD9-BEBE-EEEA-BEE8-66268A628049}". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".license". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\RECYCLER\S-1-5-21-1757981266-630328440-1417001333-1004\Dd1\Universal Crack_Reflexive Games\Reflexorator v1.2.exe infected by "Trojan.Generic.1447472 (DB)" Virus! Action Taken: No Action Taken.

Please help me get rid of it, thank you :)


Re: Some spyware on my PC, please help

Post by pitimir » 01 Sep 2009 16:44

Apart from one thing, nothing dangerous... but let's take it step by step:

1) Plug all your USB keys, flash drives and the like into the PC and use Flash Disinfector.

2) Download RSIT. Run it and click "Continue". When it finishes, a text file should open. Copy its contents here.
If anything goes wrong, you will also find it at "C:\rsit\log.txt".
I don't like amateurism...

And the person the link is addressed to knows it :)


Re: Some spyware on my PC, please help

Post by bluu » 01 Sep 2009 17:28

Logfile of random's system information tool 1.06 (written by random/random)
Run by majmo at 2009-09-01 17:26:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (65%) free of 80 GB
Total RAM: 3071 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:02, on 1.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\BisonCam\BsMnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Vypress Chat\VyChat.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
D:\QIP8040\qip.exe
D:\WPMP150\miranda32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\majmo\Plocha\RSIT.exe
C:\Program Files\trend micro\majmo.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\WINDOWS\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifeNB.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9723079437
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8454 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-07-17 2097152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-06-09 13537280]
"nwiz"=nwiz.exe /install []
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-02-27 1368064]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-02-27 1202448]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2007-11-21 180224]
"BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe [2007-03-15 32768]
"BsMnt"=C:\WINDOWS\BisonCam\BsMnt.exe [2007-03-15 172032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"WheelMouse"=C:\Program Files\Mouse\Amoumain.exe [2007-04-19 196608]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Fraps"=C:\PROGRAM FILES\FRAPS\FRAPS.EXE [2008-01-14 3182248]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Vypress Chat StartUp.lnk - C:\WINDOWS\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe

C:\Documents and Settings\majmo\Nabídka Start\Programy\Po spuštění
HDDlife.lnk - C:\Program Files\BinarySense\HDDlife 3\HDDlifeNB.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Games\Unreal Tournament 3\Binaries\UT3.exe"="C:\Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-01 17:26:45 ----D---- C:\rsit
2009-09-01 17:24:51 ----RASHD---- C:\autorun.inf
2009-09-01 14:59:48 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-09-01 14:59:48 ----AD---- C:\WINDOWS\rundll16.exe
2009-09-01 14:59:47 ----AD---- C:\WINDOWS\rundl132.dll
2009-09-01 14:59:47 ----AD---- C:\WINDOWS\logo1_.exe
2009-09-01 14:52:28 ----A---- C:\WINDOWS\system32\msvcr80.dll
2009-09-01 14:52:27 ----A---- C:\WINDOWS\system32\msvcp80.dll
2009-09-01 14:52:26 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-09-01 14:52:24 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2009-09-01 14:52:24 ----A---- C:\WINDOWS\system32\T.COM
2009-09-01 14:52:24 ----A---- C:\WINDOWS\REGEDIT.COM
2009-09-01 14:52:24 ----A---- C:\WINDOWS\R.COM
2009-09-01 14:52:23 ----D---- C:\Program Files\Common Files\MicroWorld
2009-09-01 14:52:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2009-08-31 21:46:41 ----D---- C:\Downloads
2009-08-31 21:46:41 ----D---- C:\Bases
2009-08-31 11:25:17 ----SHD---- C:\Config.Msi
2009-08-29 19:04:11 ----A---- C:\WINDOWS\vtmb.ini
2009-08-26 22:43:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-08-26 22:43:51 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-08-26 22:43:50 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-08-26 22:43:49 ----D---- C:\Program Files\ffdshow
2009-08-25 13:23:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2009-08-25 13:20:22 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-08-24 13:52:12 ----A---- C:\WINDOWS\system32\ReWire.dll
2009-08-24 13:52:10 ----D---- C:\Documents and Settings\majmo\Data aplikací\Tracktion
2009-08-24 13:51:38 ----D---- C:\Program Files\Tracktion2
2009-08-22 12:48:34 ----D---- C:\Program Files\Fraps
2009-08-22 12:34:39 ----D---- C:\Program Files\Common Files\Native Instruments
2009-08-22 12:34:36 ----D---- C:\Program Files\Common Files\Digidesign
2009-08-22 12:33:59 ----D---- C:\Program Files\Native Instruments
2009-08-21 08:08:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-21 08:08:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-08-20 20:36:25 ----D---- C:\Documents and Settings\majmo\Data aplikací\InstallShield Installation Information
2009-08-20 20:26:27 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-08-20 20:26:27 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-08-20 20:26:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-08-20 20:26:25 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-08-20 20:26:25 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-08-20 20:26:24 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-20 20:26:24 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-08-20 20:26:23 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-08-20 20:26:23 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-08-20 20:26:21 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-08-20 20:26:21 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-08-20 20:26:21 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-08-20 20:26:21 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-08-20 20:26:21 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-08-20 20:26:20 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-08-20 20:25:53 ----D---- C:\WINDOWS\system32\AGEIA
2009-08-20 20:25:52 ----D---- C:\Program Files\AGEIA Technologies
2009-08-20 20:25:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-20 11:43:09 ----D---- C:\Program Files\Trend Micro
2009-08-19 18:11:56 ----D---- C:\Documents and Settings\majmo\Data aplikací\Help
2009-08-19 18:01:28 ----D---- C:\Program Files\Acoustica Beatcraft
2009-08-19 15:32:13 ----D---- C:\Program Files\DOSBox-0.73
2009-08-19 14:04:47 ----D---- C:\WINDOWS\pss
2009-08-18 21:19:24 ----D---- C:\Documents and Settings\majmo\Data aplikací\BinarySense
2009-08-18 21:19:21 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-08-18 21:19:15 ----D---- C:\Program Files\Common Files\BinarySense
2009-08-18 16:38:05 ----D---- C:\Program Files\Oldgames
2009-08-16 20:52:07 ----D---- C:\Program Files\Doomsday
2009-08-16 19:33:53 ----D---- C:\Program Files\Google
2009-08-16 13:48:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\TOSHIBA
2009-08-16 13:30:52 ----D---- C:\Program Files\Toshiba
2009-08-15 14:44:25 ----HD---- C:\WINDOWS\PIF
2009-08-14 13:10:52 ----D---- C:\Documents and Settings\majmo\Data aplikací\Mp3tag
2009-08-14 13:10:43 ----D---- C:\Program Files\Mp3tag
2009-08-13 21:45:39 ----A---- C:\WINDOWS\War3Unin.exe
2009-08-12 17:05:43 ----D---- C:\Program Files\ACD
2009-08-11 17:24:56 ----A---- C:\WINDOWS\Winchat.ini
2009-08-11 13:10:31 ----A---- C:\WINDOWS\IsUninst.exe
2009-08-11 11:26:26 ----D---- C:\Program Files\RMClock
2009-08-10 17:43:58 ----D---- C:\Program Files\Guitar Pro 5
2009-08-08 19:57:11 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-08 19:44:08 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-08-08 19:44:08 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-08-08 19:44:08 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-08-08 19:44:08 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-08-08 19:44:06 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-08-08 19:44:05 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-08-08 11:49:29 ----D---- C:\Temp
2009-08-08 11:49:13 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-08 11:48:03 ----D---- C:\Program Files\MSXML 4.0
2009-08-08 11:44:18 ----D---- C:\Program Files\coolpro2
2009-08-08 11:31:45 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-08 11:31:45 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-08 11:31:45 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-08 11:31:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-08 11:18:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-08-08 10:30:08 ----A---- C:\WINDOWS\system32\dxva_sig.txt
2009-08-08 03:02:11 ----A---- C:\debugoutput.txt
2009-08-08 02:04:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Last.fm
2009-08-08 02:03:48 ----D---- C:\Program Files\Last.fm
2009-08-08 01:02:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-08-08 01:00:25 ----SHD---- C:\RECYCLER
2009-08-08 00:38:27 ----D---- C:\Program Files\Microsoft Bootvis
2009-08-07 22:35:25 ----A---- C:\WINDOWS\system32\wpa.bak
2009-08-07 22:22:54 ----D---- C:\Games
2009-08-07 19:36:37 ----D---- C:\Documents and Settings\majmo\Data aplikací\BitSpirit
2009-08-07 15:43:10 ----D---- C:\Documents and Settings\majmo\Data aplikací\Adobe
2009-08-07 15:43:07 ----D---- C:\Documents and Settings\majmo\Data aplikací\Macromedia
2009-08-07 15:23:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-07 14:03:49 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-07 13:33:44 ----D---- C:\Documents and Settings\majmo\Data aplikací\Nero
2009-08-07 13:15:46 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-08-07 13:13:43 ----D---- C:\Program Files\Nero
2009-08-07 13:13:43 ----D---- C:\Program Files\Common Files\Nero
2009-08-07 13:13:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2009-08-07 13:12:10 ----D---- C:\WINDOWS\RegisteredPackages
2009-08-07 13:10:35 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-08-07 13:10:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-08-07 13:05:55 ----A---- C:\WINDOWS\system32\h323log.txt
2009-08-07 12:58:08 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-07 12:57:05 ----SHD---- C:\WINDOWS\Installer
2009-08-07 12:57:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 12:57:04 ----D---- C:\Program Files\Common Files\ODBC
2009-08-07 12:57:04 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-07 12:57:01 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-07 12:57:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-07 12:57:00 ----RD---- C:\Program Files
2009-08-07 12:57:00 ----D---- C:\Program Files\Common Files
2009-08-07 12:56:57 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-08-07 12:56:57 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-08-07 12:56:57 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-08-07 12:56:55 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-08-07 12:56:53 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-08-07 12:56:51 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-08-07 12:56:51 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-08-07 12:56:51 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-08-07 12:56:51 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-08-07 12:56:51 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-08-07 12:56:48 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-08-07 12:56:48 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-08-07 12:56:48 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-08-07 12:56:48 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-08-07 12:56:47 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-08-07 12:56:47 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-08-07 12:56:47 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-08-07 12:56:47 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-08-07 12:56:47 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-08-07 12:56:47 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-08-07 12:56:46 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-07 12:56:46 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-08-07 12:56:46 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-08-07 12:56:45 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-07 12:56:45 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-08-07 12:56:43 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-08-07 12:56:43 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-08-07 12:56:43 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-07 12:56:42 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-08-07 12:56:41 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-07 12:56:34 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-08-07 12:56:31 ----RA---- C:\WINDOWS\SET8.tmp
2009-08-07 12:56:29 ----RA---- C:\WINDOWS\SET4.tmp
2009-08-07 12:56:27 ----RA---- C:\WINDOWS\SET3.tmp
2009-08-07 12:56:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-07 12:56:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-07 12:56:17 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-08-07 12:55:22 ----D---- C:\Documents and Settings
2009-08-07 12:55:21 ----SHD---- C:\System Volume Information
2009-08-07 12:54:36 ----SH---- C:\boot.ini
2009-08-07 12:52:46 ----D---- C:\Program Files\Mouse
2009-08-07 12:48:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-07 12:48:34 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 12:48:34 ----RD---- C:\WINDOWS\Web
2009-08-07 12:48:34 ----HD---- C:\WINDOWS\inf
2009-08-07 12:48:34 ----D---- C:\WINDOWS\WinSxS
2009-08-07 12:48:34 ----D---- C:\WINDOWS\twain_32
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Temp
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\wins
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\wbem
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\usmt
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\spool
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\Setup
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\ras
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\oobe
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\npp
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\mui
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\IME
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\icsxml
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\ias
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\export
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\dhcp
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\cs-cz
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\cs
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\config
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\3076
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\2052
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1054
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1042
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1041
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1037
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1033
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1031
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1029
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1028
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32\1025
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system32
2009-08-07 12:48:34 ----D---- C:\WINDOWS\system
2009-08-07 12:48:34 ----D---- C:\WINDOWS\security
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Resources
2009-08-07 12:48:34 ----D---- C:\WINDOWS\repair
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Provisioning
2009-08-07 12:48:34 ----D---- C:\WINDOWS\pchealth
2009-08-07 12:48:34 ----D---- C:\WINDOWS\PeerNet
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Network Diagnostic
2009-08-07 12:48:34 ----D---- C:\WINDOWS\mui
2009-08-07 12:48:34 ----D---- C:\WINDOWS\msapps
2009-08-07 12:48:34 ----D---- C:\WINDOWS\msagent
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Media
2009-08-07 12:48:34 ----D---- C:\WINDOWS\L2Schemas
2009-08-07 12:48:34 ----D---- C:\WINDOWS\java
2009-08-07 12:48:34 ----D---- C:\WINDOWS\ime
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Help
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Driver Cache
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Debug
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Cursors
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Connection Wizard
2009-08-07 12:48:34 ----D---- C:\WINDOWS\Config
2009-08-07 12:48:34 ----D---- C:\WINDOWS\AppPatch
2009-08-07 12:48:34 ----D---- C:\WINDOWS\addins
2009-08-07 12:48:34 ----D---- C:\WINDOWS
2009-08-07 12:47:00 ----D---- C:\Program Files\CCleaner
2009-08-07 12:45:48 ----D---- C:\Documents and Settings\majmo\Data aplikací\VyPRESS
2009-08-07 12:45:31 ----D---- C:\Program Files\Vypress Chat
2009-08-07 12:44:25 ----D---- C:\Program Files\CPUID
2009-08-07 12:39:50 ----D---- C:\Program Files\The KMPlayer
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-07 12:38:17 ----N---- C:\WINDOWS\system32\px.dll
2009-08-07 12:38:13 ----D---- C:\Program Files\Winamp
2009-08-07 12:38:13 ----D---- C:\Documents and Settings\majmo\Data aplikací\Winamp
2009-08-07 12:36:57 ----D---- C:\Program Files\MozBackup
2009-08-07 12:34:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-08-07 12:34:18 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-08-07 12:34:06 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-07 12:30:26 ----D---- C:\Documents and Settings\majmo\Data aplikací\DAEMON Tools Lite
2009-08-07 12:30:03 ----D---- C:\Documents and Settings\majmo\Data aplikací\Talkback
2009-08-07 12:29:57 ----D---- C:\Documents and Settings\majmo\Data aplikací\Thunderbird
2009-08-07 12:29:49 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-07 12:29:07 ----D---- C:\Documents and Settings\majmo\Data aplikací\Mozilla
2009-08-07 12:28:51 ----D---- C:\Program Files\Mozilla Firefox
2009-08-07 12:27:08 ----D---- C:\Program Files\ESET
2009-08-07 12:27:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-08-07 12:26:22 ----D---- C:\Program Files\Common Files\BitSpirit
2009-08-07 12:26:21 ----D---- C:\Program Files\BitSpirit
2009-08-07 12:25:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-08-07 12:25:23 ----D---- C:\Program Files\Common Files\Adobe
2009-08-07 12:25:23 ----D---- C:\Program Files\Adobe
2009-08-07 12:24:17 ----D---- C:\Program Files\Sunbelt Software
2009-08-07 12:19:55 ----D---- C:\WINDOWS\Snapshot
2009-08-07 12:19:37 ----A---- C:\WINDOWS\system32\BisonRem.dll
2009-08-07 12:19:37 ----A---- C:\WINDOWS\M2000Twn.ini
2009-08-07 12:19:33 ----D---- C:\WINDOWS\BisonCam
2009-08-07 12:16:50 ----D---- C:\Program Files\System Control Manager
2009-08-07 12:16:50 ----A---- C:\WINDOWS\system32\MGPwrShm.dll
2009-08-07 12:16:50 ----A---- C:\WINDOWS\system32\MGHwCtrl.dll
2009-08-07 12:16:50 ----A---- C:\WINDOWS\system32\MGFPMCE.dll
2009-08-07 12:16:50 ----A---- C:\WINDOWS\system32\MGFPCtrl.dll
2009-08-07 12:16:50 ----A---- C:\WINDOWS\system32\IdleTrac.dll
2009-08-07 12:15:11 ----D---- C:\Program Files\Altap Salamander 2.5
2009-08-07 12:13:51 ----D---- C:\WINDOWS\system32\SDA
2009-08-07 12:13:51 ----D---- C:\Program Files\O2Micro Flash Memory Card Driver
2009-08-07 12:13:51 ----A---- C:\WINDOWS\system32\O2Icon_2.dll
2009-08-07 12:13:51 ----A---- C:\WINDOWS\system32\O2Icon.dll
2009-08-07 12:13:10 ----N---- C:\WINDOWS\system32\agrsmdel.exe
2009-08-07 12:13:00 ----D---- C:\WINDOWS\Options
2009-08-07 12:12:54 ----A---- C:\WINDOWS\system32\agrsmsvc.exe
2009-08-07 12:12:54 ----A---- C:\WINDOWS\agrsmdel.exe
2009-08-07 12:12:53 ----N---- C:\WINDOWS\system32\agrscoin.dll
2009-08-07 12:11:43 ----D---- C:\WINDOWS\system32\Lang
2009-08-07 12:10:30 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-08-07 12:10:21 ----D---- C:\WINDOWS\system32\RTCOM
2009-08-07 12:10:20 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-07 12:10:17 ----A---- C:\WINDOWS\SoundMan.exe
2009-08-07 12:10:17 ----A---- C:\WINDOWS\SkyTel.exe
2009-08-07 12:10:17 ----A---- C:\WINDOWS\RtlUpd.exe
2009-08-07 12:10:16 ----A---- C:\WINDOWS\RTLCPL.exe
2009-08-07 12:10:15 ----D---- C:\Program Files\Realtek
2009-08-07 12:10:15 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-08-07 12:10:15 ----A---- C:\WINDOWS\MicCal.exe
2009-08-07 12:10:15 ----A---- C:\WINDOWS\alcwzrd.exe
2009-08-07 12:10:15 ----A---- C:\WINDOWS\Alcmtr.exe
2009-08-07 12:09:56 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-08-07 12:09:56 ----A---- C:\WINDOWS\HideWin.exe
2009-08-07 12:07:43 ----D---- C:\Program Files\DIFX
2009-08-07 12:04:34 ----D---- C:\Documents and Settings\majmo\Data aplikací\Intel
2009-08-07 12:04:22 ----A---- C:\WINDOWS\system32\NETw5r32.dll
2009-08-07 12:04:22 ----A---- C:\WINDOWS\system32\NETw5c32.dll
2009-08-07 12:04:15 ----D---- C:\Program Files\Common Files\Intel
2009-08-07 12:04:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Intel
2009-08-07 11:42:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2009-08-07 11:41:06 ----D---- C:\WINDOWS\nview
2009-08-07 11:41:06 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-08-07 11:40:55 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-08-07 11:40:48 ----D---- C:\Program Files\Common Files\InstallShield
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrses.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-08-07 11:35:27 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-08-07 11:35:24 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-08-07 11:35:23 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-08-07 11:35:23 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-08-07 11:35:23 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-08-07 11:35:22 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-08-07 11:35:21 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-08-07 11:35:20 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nview.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-08-07 11:35:15 ----A---- C:\WINDOWS\system32\nvexpbar.dll
2009-08-07 11:35:14 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2009-08-07 11:35:07 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-08-07 11:35:07 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-08-07 11:35:07 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-08-07 11:35:06 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-08-07 11:35:06 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-08-07 11:34:59 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-08-07 11:34:58 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-08-07 11:34:57 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-08-07 11:34:57 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-08-07 11:34:57 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-08-07 11:34:57 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-08-07 11:34:56 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-07 11:34:50 ----A---- C:\WINDOWS\system32\keystone.exe
2009-08-07 11:30:36 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-08-07 11:30:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-07 11:30:24 ----D---- C:\Documents and Settings\majmo\Data aplikací\InstallShield
2009-08-07 11:25:18 ----D---- C:\DRIVERS
2009-08-07 11:21:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-07 11:21:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-07 11:21:24 ----D---- C:\Program Files\Intel
2009-08-07 11:21:15 ----D---- C:\Intel
2009-08-07 11:17:48 ----A---- C:\deviceInfo.txt
2009-08-07 11:16:44 ----D---- C:\Documents and Settings\majmo\Data aplikací\Identities
2009-08-07 11:16:42 ----HD---- C:\Program Files\Uninstall Information
2009-08-07 11:16:36 ----SD---- C:\Documents and Settings\majmo\Data aplikací\Microsoft
2009-08-07 11:16:36 ----ASH---- C:\Documents and Settings\majmo\Data aplikací\desktop.ini
2009-08-07 11:15:53 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-07 11:15:51 ----D---- C:\WINDOWS\Prefetch
2009-08-07 11:15:50 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-07 11:15:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-07 11:12:53 ----D---- C:\WINDOWS\system32\xircom
2009-08-07 11:12:53 ----D---- C:\Program Files\xerox
2009-08-07 11:12:53 ----D---- C:\Program Files\microsoft frontpage
2009-08-07 11:12:44 ----N---- C:\AUTOEXEC.BAT
2009-08-07 11:12:44 ----A---- C:\WINDOWS\control.ini
2009-08-07 11:12:32 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-07 11:11:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-07 11:11:51 ----RD---- C:\WINDOWS\Offline Web Pages
2009-08-07 11:11:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-07 11:11:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-07 11:11:42 ----HD---- C:\Program Files\WindowsUpdate
2009-08-07 11:11:38 ----D---- C:\Program Files\Online Services
2009-08-07 11:11:21 ----D---- C:\WINDOWS\system32\DirectX
2009-08-07 11:11:14 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-07 11:11:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-07 11:11:11 ----A---- C:\WINDOWS\desktop.ini
2009-08-07 11:11:03 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-07 11:11:02 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-07 11:11:01 ----D---- C:\Program Files\Common Files\Services
2009-08-07 11:10:58 ----SD---- C:\WINDOWS\Tasks
2009-08-07 11:10:58 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-08-07 11:10:57 ----D---- C:\Program Files\Common Files\MSSoap
2009-08-07 11:10:53 ----D---- C:\WINDOWS\srchasst
2009-08-07 11:10:52 ----D---- C:\WINDOWS\system32\Macromed
2009-08-07 11:10:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-07 11:10:49 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-07 11:10:49 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-07 11:10:49 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-07 11:10:48 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-07 11:10:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-07 11:10:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-07 11:10:43 ----D---- C:\Program Files\Movie Maker
2009-08-07 11:10:23 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-07 11:10:23 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-07 11:10:23 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-07 11:10:23 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-07 11:10:20 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-07 11:10:19 ----D---- C:\WINDOWS\system32\Restore
2009-08-07 11:10:19 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-07 11:10:19 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-07 11:10:19 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-07 11:10:19 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-08-07 11:10:18 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-07 11:10:18 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-07 11:10:18 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-07 11:10:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-07 11:10:17 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-07 11:10:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-07 11:10:14 ----D---- C:\Program Files\NetMeeting
2009-08-07 11:10:14 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-07 11:10:14 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-07 11:10:13 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-07 11:10:13 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-07 11:10:11 ----D---- C:\Program Files\Outlook Express
2009-08-07 11:10:11 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-07 11:10:10 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-07 11:10:10 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-07 11:10:10 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-07 11:10:10 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-07 11:10:10 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-07 11:10:10 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-07 11:10:03 ----D---- C:\Program Files\Common Files\System
2009-08-07 11:09:58 ----D---- C:\Program Files\Internet Explorer
2009-08-07 11:09:46 ----D---- C:\Program Files\ComPlus Applications
2009-08-07 11:09:44 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-07 11:09:44 ----A---- C:\WINDOWS\vb.ini
2009-08-07 11:09:39 ----D---- C:\WINDOWS\Registration
2009-08-07 11:09:09 ----D---- C:\Program Files\Windows Media Player
2009-08-07 11:09:04 ----D---- C:\Program Files\Messenger
2009-08-07 11:08:59 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-07 11:08:59 ----A---- C:\WINDOWS\system32\write.exe
2009-08-07 11:08:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-08-07 11:08:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-08-07 11:08:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-08-07 11:08:48 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-08-07 11:08:48 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-08-07 11:08:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-08-07 11:08:40 ----A---- C:\WINDOWS\system32\getuname.dll
2009-08-07 11:08:39 ----A---- C:\WINDOWS\system32\winmine.exe
2009-08-07 11:08:39 ----A---- C:\WINDOWS\system32\sol.exe
2009-08-07 11:08:39 ----A---- C:\WINDOWS\system32\charmap.exe
2009-08-07 11:08:39 ----A---- C:\WINDOWS\system32\calc.exe
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\tskill.exe
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\reset.exe
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-08-07 11:08:38 ----A---- C:\WINDOWS\system32\freecell.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\tscon.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\shadow.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\regini.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\msg.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\logoff.exe
2009-08-07 11:08:37 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-08-07 11:08:36 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-08-07 11:08:30 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-08-07 11:08:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-07 11:08:29 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-07 11:08:29 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-07 11:08:28 ----D---- C:\Program Files\Windows NT
2009-08-07 11:08:28 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-07 11:08:28 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-07 11:08:27 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-07 11:08:26 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-08-07 11:08:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-07 11:08:26 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-07 11:08:26 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-08-07 11:08:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-07 11:08:25 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-07 11:08:24 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-07 11:08:23 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-07 11:08:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-07 11:08:23 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-07 11:08:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-07 11:08:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-07 11:08:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-07 11:08:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-07 11:08:22 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-07 11:08:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-07 11:08:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-07 11:08:21 ----D---- C:\WINDOWS\system32\Com
2009-08-07 11:08:21 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-07 11:08:21 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-07 11:08:21 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-07 11:08:21 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-07 11:08:21 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-07 11:08:21 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-07 11:08:20 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-07 11:08:20 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-07 11:08:20 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-07 11:08:20 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-07 11:08:20 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-07 11:08:20 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-07 11:08:19 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-07 11:08:19 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-07 11:08:19 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-07 11:08:18 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-07 11:08:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-07 11:08:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-07 11:08:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-07 11:08:12 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-08-31 19:02:26 ----A---- C:\WINDOWS\system.ini
2009-08-25 10:48:42 ----A---- C:\WINDOWS\win.ini
2009-08-05 11:01:14 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-04-19 8704]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2008-08-22 64000]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 NTPCI;NTPCI; \??\C:\WINDOWS\system32\drivers\ntpci.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-04-19 14336]
R3 Amusbprt;Compatible HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-04-19 14336]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-06-09 6584160]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-04-15 51160]
R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aa7zgjk0;aa7zgjk0; C:\WINDOWS\system32\drivers\aa7zgjk0.sys []
S3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2007-08-20 783272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-08-27 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-12-11 54272]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2009-01-15 42880]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-06-09 159812]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-10-10 132456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-25 72704]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]

-----------------EOF-----------------

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Some spyware on my PC, please help

Post by pitimir » 01 Sep 2009 18:23

OK, now back to MWAV once more. The first several entries are invalid (probably cleaned infections left behind in the registry). Those don't interest us. The next few are corrupted (?) files, so again nothing. However, the last one is interesting for 2 reasons - it is in the Recycle Bin, and an autorun infector tends to hide there (hence step 1, which creates a new autorun.inf on all drives) - but this is unlikely, it was only a step "just to be sure". It interests us more because it had a positive detection. So the next step:

Download Avenger. Run it and agree to the terms etc.
Paste this script into the white box in the middle of the program:

Code:

Files to delete:
D:\RECYCLER\S-1-5-21-1757981266-630328440-1417001333-1004\Dd1\Universal Crack_Reflexive Games\Reflexorator v1.2.exe

Press "Execute" -> "Yes". Restart and post the log.
I don't like amateurism...

And the addressee of this message knows it :)
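
The reasoning in the post above (a detection inside RECYCLER is notable because autorun infectors tend to hide there) can be turned into a quick check of a drive's autorun.inf. This is an added example, not part of the original post; the sample file contents, SIDs and file names are constructed.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
COMMAND_KEYS = ("open", "shellexecute")
# Recycle Bin folder names used by different Windows versions / file systems.
RECYCLE_DIRS = ("recycler", "recycled", "$recycle.bin")

# Constructed sample: an autorun.inf that launches from the Recycle Bin folder.
SAMPLE_INFECTED = r"""
;constructed sample, junk lines like the next one are common padding
[AutoRun]
xkJq2
open=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1000\sample.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\Command="RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1000\sample.exe" -e
shell\explore\command=rundll32.exe .\RECYCLER\sample.dll,Start
"""

# Constructed sample: an ordinary installer CD.
SAMPLE_CLEAN = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Driver CD
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        # Lines without '=' (junk padding) are ignored.
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def is_command_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all start a program."""
    return key in COMMAND_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key) is not None


def suspicious_entries(text):
    """List (key, value, reason) for commands that run from a Recycle Bin folder."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not is_command_key(key):
            continue
        parts = re.split(r"[\\/]", value.lower())
        # A directory name is the last token in front of each path separator.
        dirs = [p.split()[-1].strip('"') for p in parts[:-1] if p.split()]
        hit = next((d for d in dirs if d in RECYCLE_DIRS), None)
        if hit:
            findings.append((key, value, "runs from " + hit))
    return findings


if __name__ == "__main__":
    for key, value, reason in suspicious_entries(SAMPLE_INFECTED):
        print(f"{key}: {reason}: {value}")
```

To check a real drive, read its autorun.inf as text and pass the contents to `suspicious_entries`.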

Re: Some spyware on my PC, please help

Post by bluu » 01 Sep 2009 18:41

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "D:\RECYCLER\S-1-5-21-1757981266-630328440-1417001333-1004\Dd1\Universal Crack_Reflexive Games\Reflexorator v1.2.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Some spyware on my PC, please help

Post by pitimir » 01 Sep 2009 18:43

Excellent. I assume, though, that the PC slowdown hasn't gone away, am I right?

Re: Some spyware on my PC, please help

Post by bluu » 01 Sep 2009 19:12

Exactly, system startup and program launching are still as slow as before.

Post by pitimir » 01 Sep 2009 19:26

Oh well, let's move on:

1) Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident shields of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix has created the log, don't click on anything, don't press anything!!

2) Go here and have a scan done. Here is the guide (by sundavis):

Post by bluu » 03 Sep 2009 17:15

Sorry for the delay.
Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 03, 2009 15:51:28
Records in database: 2742526
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: no
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
G:\
W:\

Scan statistics:
Objects scanned: 82299
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:37:26

No threats found. Scanned area is clean.

Selected area has been scanned.

Combofix:

ComboFix 09-08-31.04 - majmo 01.09.2009 21:12.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2489 [GMT 2:00]
Spuštěný z: c:\documents and settings\majmo\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\majmo\Dokumenty\cc_20090812_194557.reg
c:\documents and settings\majmo\Dokumenty\cc_20090825_134305.reg
c:\windows\regedit.com
c:\windows\system32\ieuinit.inf
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-01 do 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 18:37 . 1998-05-11 18:01 240944 ----a-w- c:\windows\system32\RICHED.DLL
2009-09-01 18:34 . 2009-09-01 18:34 -------- d-----w- c:\program files\Palm
2009-09-01 15:26 . 2009-09-01 15:27 -------- d-----w- C:\rsit
2009-09-01 12:59 . 2009-09-01 12:59 -------- d---a-w- c:\windows\system32\runouce.exe
2009-09-01 12:59 . 2009-09-01 12:59 -------- d---a-w- c:\windows\rundll16.exe
2009-09-01 12:59 . 2009-09-01 12:59 -------- d---a-w- c:\windows\rundl132.dll
2009-09-01 12:59 . 2009-09-01 12:59 -------- d---a-w- c:\windows\logo1_.exe
2009-09-01 12:52 . 2009-09-01 12:52 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-01 12:52 . 2009-09-01 12:52 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-09-01 12:52 . 2009-09-01 12:52 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-09-01 12:52 . 2008-04-14 12:00 147968 ----a-w- c:\windows\R.COM
2009-09-01 12:52 . 2008-04-14 12:00 137216 ----a-w- c:\windows\system32\T.COM
2009-09-01 12:52 . 2009-09-01 12:52 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-08-26 20:43 . 2009-03-30 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-26 20:43 . 2009-03-30 18:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-26 20:43 . 2009-08-26 20:43 -------- d-----w- c:\program files\ffdshow
2009-08-25 11:20 . 2009-08-25 11:20 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-08-24 11:54 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-24 11:53 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-24 11:52 . 2003-04-07 21:07 217088 ----a-w- c:\windows\system32\ReWire.dll
2009-08-24 11:51 . 2009-08-25 10:23 -------- d-----w- c:\program files\Tracktion2
2009-08-22 10:48 . 2009-08-31 15:43 -------- d-----w- c:\program files\Fraps
2009-08-22 10:36 . 2007-10-29 07:41 25600 ----a-w- c:\windows\system32\drivers\rig3avs.sys
2009-08-22 10:36 . 2007-10-29 07:40 186368 ----a-w- c:\windows\system32\drivers\rig3usb.sys
2009-08-22 10:34 . 2009-08-22 10:34 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-08-22 10:34 . 2009-08-22 10:34 -------- d-----w- c:\program files\Common Files\Digidesign
2009-08-22 10:33 . 2009-08-22 10:36 -------- d-----w- c:\program files\Native Instruments
2009-08-20 18:25 . 2009-08-20 18:25 -------- d-----w- c:\windows\system32\AGEIA
2009-08-20 18:25 . 2009-08-20 18:26 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-20 18:25 . 2009-08-20 18:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-20 09:43 . 2009-09-01 15:27 -------- d-----w- c:\program files\Trend Micro
2009-08-19 16:01 . 2009-08-25 11:41 -------- d-----w- c:\program files\Acoustica Beatcraft
2009-08-18 19:19 . 2009-08-19 17:30 -------- d-----w- c:\program files\Common Files\BinarySense
2009-08-18 14:38 . 2009-08-18 14:38 -------- d-----w- c:\program files\Oldgames
2009-08-17 20:31 . 2007-06-23 07:09 1667072 ----a-w- c:\windows\PS_MatrixScreensaver.scr
2009-08-17 20:26 . 2005-01-06 20:48 49152 ----a-w- c:\windows\MATRIX.scr
2009-08-16 18:52 . 2009-08-18 15:05 -------- d-----w- c:\program files\Doomsday
2009-08-16 17:33 . 2009-08-16 17:34 -------- d-----w- c:\program files\Google
2009-08-16 11:31 . 2009-01-15 12:01 42880 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2009-08-16 11:31 . 2008-10-06 15:56 137984 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2009-08-16 11:31 . 2008-08-27 16:01 74240 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2009-08-16 11:31 . 2007-11-29 07:45 36608 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2009-08-16 11:31 . 2008-12-11 16:02 54272 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2009-08-16 11:31 . 2005-01-07 03:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2009-08-16 11:31 . 2008-08-22 11:50 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2009-08-16 11:31 . 2008-03-25 11:54 41472 ----a-w- c:\windows\system32\drivers\tosporte.sys
2009-08-16 11:30 . 2009-08-16 11:30 -------- d-----w- c:\program files\Toshiba
2009-08-15 12:44 . 2009-08-15 12:44 -------- d--h--w- c:\windows\PIF
2009-08-14 11:10 . 2009-08-14 11:10 -------- d-----w- c:\program files\Mp3tag
2009-08-13 19:45 . 2009-08-13 21:41 68932 ----a-w- c:\windows\War3Unin.dat
2009-08-13 19:45 . 2009-08-13 20:02 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-13 19:45 . 2009-08-13 20:02 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-12 15:05 . 2009-08-12 15:05 -------- d-----w- c:\program files\ACD
2009-08-11 11:10 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-11 09:26 . 2009-08-11 09:26 -------- d-----w- c:\program files\RMClock
2009-08-10 15:43 . 2009-08-10 15:44 -------- d-----w- c:\program files\Guitar Pro 5
2009-08-09 10:39 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-08-08 17:57 . 2009-08-30 09:48 -------- d-----w- c:\windows\system32\LogFiles
2009-08-08 17:44 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-08 17:44 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-08 17:44 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-08 17:44 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-08 17:44 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-08 17:44 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-08 17:44 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-08 17:44 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-08 17:44 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-08 17:44 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-08 17:44 . 2008-04-14 06:48 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-08 17:44 . 2008-04-14 06:48 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-08 09:49 . 2009-08-25 10:59 -------- d-----w- C:\Temp
2009-08-08 09:48 . 2009-08-08 09:48 -------- d-----w- c:\program files\MSXML 4.0
2009-08-08 09:43 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-08 09:43 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-08 09:42 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-08 09:42 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-08 09:42 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-08 09:41 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-08 09:31 . 2007-07-27 08:41 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-08 09:31 . 2009-08-12 18:47 -------- d--h--w- c:\windows\$hf_mig$
2009-08-08 00:03 . 2009-08-08 00:03 -------- d-----w- c:\program files\Last.fm
2009-08-07 22:38 . 2009-08-21 20:25 -------- d-----w- c:\program files\Microsoft Bootvis
2009-08-07 20:22 . 2009-08-29 17:09 -------- d-----w- C:\Games
2009-08-07 12:03 . 2009-08-07 12:06 -------- d-----w- c:\windows\system32\NtmsData
2009-08-07 11:25 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-07 11:25 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-07 11:24 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-07 11:24 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-07 11:13 . 2009-08-07 11:15 -------- d-----w- c:\program files\Common Files\Nero
2009-08-07 11:13 . 2009-08-07 11:13 -------- d-----w- c:\program files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 18:34 . 2009-08-07 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-01 18:34 . 2009-08-07 09:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-31 18:11 . 2009-08-07 09:42 82171 ----a-w- c:\windows\system32\nvModes.dat
2009-08-31 10:51 . 2009-08-07 10:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-25 11:20 . 2009-08-07 10:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-24 09:28 . 2009-08-07 10:39 -------- d-----w- c:\program files\The KMPlayer
2009-08-21 20:26 . 2008-04-14 12:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2009-08-21 20:26 . 2008-04-14 12:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2009-08-13 14:31 . 2009-08-07 10:38 -------- d-----w- c:\program files\Winamp
2009-08-09 10:29 . 2009-08-07 09:12 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-09 10:29 . 2009-08-07 09:12 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-09 10:28 . 2009-08-07 09:12 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-08-07 10:54 . 2009-08-07 10:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-07 10:52 . 2009-08-07 10:52 -------- d-----w- c:\program files\Mouse
2009-08-07 10:47 . 2009-08-07 10:47 -------- d-----w- c:\program files\CCleaner
2009-08-07 10:45 . 2009-08-07 10:45 -------- d-----w- c:\program files\Vypress Chat
2009-08-07 10:44 . 2009-08-07 10:44 -------- d-----w- c:\program files\CPUID
2009-08-07 10:36 . 2009-08-07 10:36 -------- d-----w- c:\program files\MozBackup
2009-08-07 10:34 . 2009-08-07 10:34 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-07 10:30 . 2009-08-07 10:30 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 10:29 . 2009-08-07 10:29 0 ----a-w- c:\windows\nsreg.dat
2009-08-07 10:27 . 2009-08-07 10:27 -------- d-----w- c:\program files\ESET
2009-08-07 10:26 . 2009-08-07 10:26 -------- d-----w- c:\program files\Common Files\BitSpirit
2009-08-07 10:26 . 2009-08-07 10:26 -------- d-----w- c:\program files\BitSpirit
2009-08-07 10:24 . 2009-08-07 10:24 -------- d-----w- c:\program files\Sunbelt Software
2009-08-07 10:16 . 2009-08-07 10:16 -------- d-----w- c:\program files\System Control Manager
2009-08-07 10:15 . 2009-08-07 10:15 -------- d-----w- c:\program files\Altap Salamander 2.5
2009-08-07 10:13 . 2009-08-07 10:13 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2009-08-07 10:10 . 2009-08-07 10:10 -------- d-----w- c:\program files\Realtek
2009-08-07 10:09 . 2009-08-07 10:09 315392 ----a-w- c:\windows\HideWin.exe
2009-08-07 10:07 . 2009-08-07 10:07 -------- d-----w- c:\program files\DIFX
2009-08-07 10:04 . 2009-08-07 10:04 -------- d-----w- c:\program files\Common Files\Intel
2009-08-07 10:04 . 2009-08-07 09:21 -------- d-----w- c:\program files\Intel
2009-08-07 09:12 . 2009-08-07 09:12 -------- d-----w- c:\program files\microsoft frontpage
2009-08-07 09:09 . 2009-08-07 09:09 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:51 . 2008-04-14 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:27 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-08-07 09:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 16:43 . 2008-07-22 13:33 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-11-21 180224]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-03-15 32768]
"BsMnt"="c:\windows\BisonCam\BsMnt.exe" [2007-03-15 172032]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-09 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-11 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]
Vypress Chat StartUp.lnk - c:\windows\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe [2009-8-7 12390]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7.8.2009 12:24 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.8.2009 12:16 40960]
R2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [7.8.2009 12:13 5632]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [19.4.2007 15:45 14336]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.8.2009 12:16 9088]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [7.8.2009 12:13 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [7.8.2009 12:13 43736]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.8.2009 12:24 65576]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.8.2009 19:33 133104]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7.8.2009 12:44 12672]
.
Obsah adresáře 'Naplánované úlohy'

2009-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 17:33]

2009-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 17:33]
.
.
------- Doplňkový sken -------
.
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\majmo\Data aplikací\Mozilla\Firefox\Profiles\glizjzlj.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 21:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2009-09-01 21:22
ComboFix-quarantined-files.txt 2009-09-01 19:22

Před spuštěním: Volných bajtů: 54 602 412 032
Po spuštění: Volných bajtů: 54 937 047 040

260 --- E O F --- 2009-08-26 07:23

Post by pitimir » 03 Sep 2009 18:49

:/

Move the CF icon to the desktop, close all open applications, as well as the resident shields of your antivirus, antispyware and firewall, and open Notepad. Copy into it:

Code:

KillAll::
DDS::
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)

Folder::
c:\program files\DAEMON Tools Toolbar

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.

Warning: If Windows does not boot after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.

Post by bluu » 03 Sep 2009 19:29

I did as you wrote, Windows booted right away, but then the firewall popped up immediately so I had to keep allowing things; in the end CF was trying to create something, so I had to shut the firewall down via Task Manager.

Post by pitimir » 03 Sep 2009 21:32

Next we'll look at rootkits:

Download GMER, unpack it to the desktop and run it. The program will start a scan automatically (after it finishes, paste log no. 1) - if it finds something during the scan (= a warning pops up), click "NO" and on the right tick all items EXCEPT:
  • Sections
  • IAT/EAT
  • Registry
  • non-system disks and partitions (the system is usually on "C:\" - so leave "D:\", "E:\"... etc. unticked)
  • Show All
Click "Scan". After the scan click "Save" and paste log no. 2 here.

If it finds nothing (= nothing pops up), tick everything on the right and start the scan. After it finishes click "Copy" and paste log no. 2.