cmd /c mbr.exe -t >log.txt&start log.txt

ViroBijec
Guest
Posts: 28
Registered: 07 Feb 2009 15:24

cmd /c mbr.exe -t >log.txt&start log.txt

#1 Post by ViroBijec »

Hello, out of boredom I entered this command and it gave me:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x851E11F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x851e11f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Do you think an RSIT log would be appropriate?
Thank you for your reply.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#2 Post by earl »

Hi,

RSIT and GMER - logs from both.

ViroBijec
Guest
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#3 Post by ViroBijec »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Torrentino at 2010-01-10 19:46:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (33%) free of 38 GB
Total RAM: 447 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:47, on 10. 1. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Torrentino\Plocha\Programy\Komunikátory\QIP Infium bz™Pack\inf.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\(Crimson) FF Fight Flash Animation\DreamCom\DreamCom.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Torrentino\Plocha\gmer\gmer.exe
C:\Documents and Settings\Torrentino\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Torrentino.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Applications Driver] svohost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Applications Driver] svohost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ICQ Service - Unknown owner - C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7351 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-14 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-08-29 161096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-03-04 512000]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2009-06-18 53248]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-18 1800464]
"Applications Driver"=svohost.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-18 1800464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"Nová hodnota #1"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\UnrealTournament\System\UnrealTournament.exe"="C:\Program Files\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ace Translator\AceTrans.exe"="C:\Program Files\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

======List of files/folders created in the last 1 months======

2010-01-10 19:46:20 ----D---- C:\rsit
2010-01-10 14:00:14 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Nitro PDF
2010-01-10 13:58:30 ----A---- C:\WINDOWS\system32\nitrolocalui.dll
2010-01-10 13:58:30 ----A---- C:\WINDOWS\system32\nitrolocalmon.dll
2010-01-10 13:57:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
2010-01-10 13:57:56 ----D---- C:\Program Files\Common Files\Nitro PDF
2010-01-10 13:56:12 ----D---- C:\Program Files\Nitro PDF
2010-01-10 13:54:17 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Downloaded Installations
2010-01-09 13:25:30 ----D---- C:\Program Files\ICQ6.5
2010-01-09 12:56:56 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\ICQ
2010-01-09 12:20:03 ----D---- C:\Program Files\Adobe
2010-01-08 18:11:01 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-08 10:59:08 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Screaming Bee
2010-01-08 10:57:32 ----D---- C:\Program Files\Screaming Bee
2010-01-08 10:57:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Screaming Bee
2010-01-08 10:47:00 ----D---- C:\vcs5BGEffects
2010-01-08 10:45:28 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2010-01-04 20:41:57 ----A---- C:\WINDOWS\system32\wpcap.dll
2010-01-04 20:41:57 ----A---- C:\WINDOWS\system32\packet.dll
2010-01-04 20:15:10 ----D---- C:\Program Files\thriXXX
2010-01-04 16:55:13 ----D---- C:\Program Files\Vegas Strip
2010-01-04 15:47:25 ----D---- C:\Program Files\Digamour
2010-01-03 22:20:45 ----D---- C:\Program Files\Windows Installer Clean Up
2009-12-29 19:10:07 ----D---- C:\Program Files\Utherverse Digital Inc
2009-12-29 18:11:57 ----D---- C:\WINDOWS\Lhsp
2009-12-29 18:10:36 ----D---- C:\WINDOWS\speech
2009-12-29 17:27:54 ----D---- C:\Program Files\iWisoft Flash SWF Downloader
2009-12-29 17:21:36 ----A---- C:\WINDOWS\Louis.INI
2009-12-29 17:20:49 ----D---- C:\Program Files\GOZTUN
2009-12-29 17:20:22 ----A---- C:\WINDOWS\system32\ActivaCOM.dll
2009-12-29 17:20:18 ----D---- C:\Program Files\SWFlash Vampires
2009-12-29 15:09:22 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\GRETECH
2009-12-29 15:07:10 ----D---- C:\Program Files\GRETECH
2009-12-29 15:00:55 ----A---- C:\WINDOWS\RemShutdown.INI
2009-12-29 14:35:35 ----D---- C:\Program Files\Nsauditor
2009-12-29 14:23:28 ----D---- C:\Program Files\Nsasoft
2009-12-27 14:28:43 ----D---- C:\Program Files\RODX
2009-12-27 09:55:07 ----AD---- C:\vir_pepa
2009-12-27 09:38:13 ----D---- C:\sys
2009-12-26 14:20:06 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\skypePM
2009-12-26 13:36:45 ----D---- C:\Program Files\Common Files\Skype
2009-12-26 13:36:39 ----RD---- C:\Program Files\Skype
2009-12-25 23:15:29 ----D---- C:\Lyrics
2009-12-25 22:39:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2009-12-25 22:13:22 ----A---- C:\WINDOWS\system32\irmon.dll
2009-12-25 22:13:21 ----A---- C:\WINDOWS\system32\irftp.exe
2009-12-25 22:13:20 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-12-21 13:15:12 ----D---- C:\Program Files\OLYMPUS
2009-12-21 13:14:52 ----D---- C:\Program Files\MSXML 4.0
2009-12-21 12:42:28 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Skype
2009-12-21 12:22:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-12-21 11:35:03 ----D---- C:\Program Files\MSECACHE
2009-12-21 01:29:37 ----D---- C:\Program Files\WPMP150
2009-12-20 17:27:59 ----D---- C:\Program Files\Minilyrics
2009-12-19 20:32:22 ----D---- C:\Program Files\SuperScan
2009-12-19 16:37:00 ----D---- C:\Program Files\LopeSoft
2009-12-19 16:19:01 ----D---- C:\Program Files\CAVU Software
2009-12-19 16:14:42 ----A---- C:\Documents and Settings\Torrentino\Data aplikací\OpenXX.ini
2009-12-19 16:14:38 ----D---- C:\Program Files\OpenXX
2009-12-19 16:01:06 ----D---- C:\Program Files\Fast Explorer
2009-12-19 15:34:55 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\StudioZai Menu Organizer
2009-12-18 15:18:53 ----D---- C:\Program Files\Vertus Play With Pictures
2009-12-17 11:16:02 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\CosmeticGuide
2009-12-16 10:11:06 ----A---- C:\WINDOWS\system32\NLSSRV32.EXE
2009-12-15 21:40:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hitman Pro
2009-12-13 22:05:42 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\OCS
2009-12-12 19:56:49 ----SHD---- C:\RECYCLER
2009-12-11 10:45:08 ----A---- C:\WINDOWS\system32\kcpp.dll

======List of files/folders modified in the last 1 months======

2010-01-10 15:56:18 ----D---- C:\WINDOWS\temp
2010-01-10 14:00:02 ----AD---- C:\WINDOWS
2010-01-10 13:58:34 ----SHD---- C:\WINDOWS\Installer
2010-01-10 13:58:30 ----D---- C:\WINDOWS\system32
2010-01-10 13:57:56 ----D---- C:\Program Files\Common Files
2010-01-10 13:56:12 ----D---- C:\Program Files
2010-01-10 12:58:58 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-10 11:51:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-09 13:30:59 ----D---- C:\WINDOWS\security
2010-01-09 13:24:56 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-09 13:24:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-09 12:20:30 ----D---- C:\Program Files\Common Files\Adobe
2010-01-09 12:20:24 ----D---- C:\WINDOWS\WinSxS
2010-01-09 12:20:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-01-08 18:47:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-01-08 10:58:01 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 10:57:47 ----HD---- C:\WINDOWS\inf
2010-01-08 10:43:06 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-08 09:56:11 ----D---- C:\Program Files\SpeedFan
2010-01-06 12:20:28 ----D---- C:\Program Files\Mozilla Firefox
2010-01-04 20:42:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-04 14:08:20 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-04 13:02:37 ----D---- C:\WINDOWS\Prefetch
2010-01-04 12:43:38 ----SHD---- C:\System Volume Information
2010-01-04 12:43:24 ----D---- C:\WINDOWS\system32\Restore
2010-01-03 22:45:22 ----D---- C:\Program Files\JDownloader
2010-01-03 22:42:08 ----SD---- C:\WINDOWS\Tasks
2010-01-03 22:09:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-03 22:07:22 ----D---- C:\Program Files\IObit
2009-12-29 18:12:11 ----RSD---- C:\WINDOWS\Fonts
2009-12-29 14:47:12 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\GetRightToGo
2009-12-28 07:51:12 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\SUPERAntiSpyware.com
2009-12-28 07:50:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-27 09:56:59 ----A---- C:\WINDOWS\SumitSoft.ini
2009-12-26 14:19:31 ----A---- C:\WINDOWS\system32\guard32.dll
2009-12-26 14:13:54 ----A---- C:\WINDOWS\cfplogvw.INI
2009-12-26 13:35:49 ----A---- C:\WINDOWS\system.ini
2009-12-26 12:58:09 ----D---- C:\Program Files\Miranda IM KP v5.0.8.5
2009-12-25 22:41:19 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-25 22:32:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 22:24:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 22:15:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-21 00:50:42 ----D---- C:\Program Files\COMODO
2009-12-21 00:48:13 ----D---- C:\WINDOWS\system32\config
2009-12-20 23:39:19 ----D---- C:\Program Files\Windows Media Connect 2
2009-12-20 23:37:50 ----D---- C:\Program Files\Trezor
2009-12-20 22:28:24 ----D---- C:\Program Files\Zoner
2009-12-20 21:54:29 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\smc
2009-12-20 21:47:42 ----D---- C:\temp
2009-12-20 21:43:10 ----D---- C:\Program Files\Common Files\GTK
2009-12-20 21:40:11 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Comodo
2009-12-20 21:17:41 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-12-20 21:15:12 ----D---- C:\Program Files\Common Files\Totem Shared
2009-12-14 11:13:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-14 09:39:30 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Eltima Software
2009-12-14 09:39:00 ----D---- C:\Program Files\CCleaner
2009-12-14 09:36:38 ----A---- C:\WINDOWS\wininit.ini
2009-12-12 23:09:28 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\uTorrent
2009-12-12 20:28:18 ----D---- C:\Documents and Settings\Torrentino\Data aplikací\Trillian
2009-12-12 19:42:52 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-12-26 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-11-18 25160]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 ioperm;ioperm support for Cygwin driver; \??\C:\Documents and Settings\Torrentino\Plocha\cmospwd\cmospwd-4.6\windows\ioperm.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2009-11-22 4096]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-18 42496]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 25088]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2009-06-18 283904]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 a9954xsq;a9954xsq; C:\WINDOWS\system32\drivers\a9954xsq.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
S3 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Torrentino\Local Settings\TEMP\ASFWHide []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\TORREN~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 fwdoyfow;fwdoyfow; \??\C:\DOCUME~1\TORREN~1\LOCALS~1\Temp\fwdoyfow.sys []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
S3 mbr;mbr; \??\C:\DOCUME~1\TORREN~1\LOCALS~1\Temp\mbr.sys []
S3 mcdevice;mcdevice; C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2007-12-05 15872]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2010-01-04 42512]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-28 47360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2006-03-02 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-03-02 29184]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XScanPF;XScanPF; \??\C:\Documents and Settings\Torrentino\Plocha\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2006-03-02 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-18 723632]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-16 604416]
S2 ICQ Service;ICQ Service; C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE [2009-08-16 222968]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
S3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S3 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
S3 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-16 361216]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-12-01 57344]
S4 HitmanPro35Crusader;Hitman Pro 3.5 Crusader; C:\Documents and Settings\Torrentino\Plocha\Hitman_Pro_3.5.3.80\Hitman Pro 3.5.3.80\HitmanPro35.exe /crusader []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
I'll post the GMER log once it finishes scanning... I started the scan about fifty minutes ago.. I forgot to clear the browser caches first... so it's taking longer...

ViroBijec
Guest
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#4 Post by ViroBijec »

So, unfortunately.. GMER crashed on me twice...

ViroBijec
Guest
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#5 Post by ViroBijec »

Unfortunately I don't have time to wait for a reply that might take several days, because a rootkit is no joke and I use internet banking... so I'm going to use ComboFix now.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#6 Post by earl »

Here is the procedure; it would probably have come to this anyway.

:arrow: READ THE INSTRUCTIONS CAREFULLY, THIS SOFTWARE DOES NOT TOLERATE MISTAKES IN THE APPLICATION PROCEDURE!

Feel free to print out the following lines so you know what will be happening on screen.

Be logged in to the PC with administrator rights.

Download ComboFix and save it, preferably to the desktop.

If the page won't load, download it from here: download; or, if ComboFix won't start, rename it to grinder.com and continue following the instructions.

Right after it starts, a disclaimer of warranty for the software's functionality is shown; continue by clicking the Yes button.

This may be followed by a warning about installed CD drive emulators, typically Daemon Tools or Alcohol 120.

Click OK.

Agree to the installation of the Recovery Console (Konzola pro zotaveni) - a working internet connection is required :!:

Feel free to go and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: turn off the resident shield of your antivirus and antispyware and temporarily disable the firewall - otherwise ComboFix might not work correctly; if you have the shields turned off and ComboFix reports that they are not, continue and confirm.

After the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.

ViroBijec
Guest
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#7 Post by ViroBijec »

ComboFix 10-01-04.01 - Torrentino . 01. 2010 10:55:57.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.447.103 [GMT 1:00]
Spuštěný z: c:\documents and settings\Torrentino\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091222-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
c:\windows\xobglu16.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-10 18:46 . 2010-01-10 18:47 -------- d-----w- C:\rsit
2010-01-10 12:58 . 2009-12-16 08:50 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-01-10 12:58 . 2009-12-16 08:50 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-01-10 12:57 . 2010-01-10 12:57 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-01-10 12:56 . 2010-01-10 12:56 -------- d-----w- c:\program files\Nitro PDF
2010-01-09 12:25 . 2010-01-11 10:04 -------- d-----w- c:\program files\ICQ6.5
2010-01-08 17:11 . 2010-01-08 17:11 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-08 09:57 . 2010-01-08 09:57 -------- d-----w- c:\program files\Screaming Bee
2010-01-08 09:47 . 2010-01-08 10:20 -------- d-----w- C:\vcs5BGEffects
2010-01-08 09:45 . 2010-01-08 10:20 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-01-04 19:15 . 2010-01-04 19:42 -------- d-----w- c:\program files\thriXXX
2010-01-04 15:55 . 2010-01-04 17:00 -------- d-----w- c:\program files\Vegas Strip
2010-01-04 14:47 . 2010-01-04 20:24 -------- d-----w- c:\program files\Digamour
2010-01-03 21:20 . 2010-01-03 21:20 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-12-29 18:22 . 2009-12-29 18:22 -------- d-----w- c:\documents and settings\Torrentino\NabÝdka Start
2009-12-29 18:10 . 2009-12-29 18:10 -------- d-----w- c:\program files\Utherverse Digital Inc
2009-12-29 17:11 . 2009-12-30 00:18 -------- d-----w- c:\windows\Lhsp
2009-12-29 17:10 . 2009-12-29 17:11 -------- d-----w- c:\windows\speech
2009-12-29 16:27 . 2009-12-29 16:27 -------- d-----w- c:\program files\iWisoft Flash SWF Downloader
2009-12-29 16:20 . 2009-12-29 16:20 -------- d-----w- c:\program files\GOZTUN
2009-12-29 16:20 . 2008-10-16 21:58 1650688 ----a-w- c:\windows\system32\ActivaCOM.dll
2009-12-29 16:20 . 2009-12-29 16:20 -------- d-----w- c:\program files\SWFlash Vampires
2009-12-29 14:07 . 2009-12-29 14:07 -------- d-----w- c:\program files\GRETECH
2009-12-29 13:35 . 2009-12-29 13:44 -------- d-----w- c:\program files\Nsauditor
2009-12-29 13:23 . 2010-01-03 21:10 -------- d-----w- c:\program files\Nsasoft
2009-12-27 13:28 . 2009-12-27 13:32 -------- d-----w- c:\program files\RODX
2009-12-27 08:55 . 2010-01-03 21:04 -------- d---a-w- C:\vir_pepa
2009-12-27 08:38 . 2009-12-27 08:38 -------- d-----w- C:\sys
2009-12-26 12:36 . 2009-12-26 12:36 -------- d-----w- c:\program files\Common Files\Skype
2009-12-26 12:36 . 2010-01-03 21:07 -------- d-----r- c:\program files\Skype
2009-12-26 11:38 . 2009-12-26 11:38 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-12-25 22:15 . 2009-12-25 22:15 -------- d-----w- C:\Lyrics
2009-12-25 21:29 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-12-25 21:27 . 2008-10-21 09:22 109736 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2009-12-25 21:27 . 2008-10-21 09:22 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2009-12-25 21:27 . 2008-10-21 09:22 108328 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2009-12-25 21:27 . 2008-10-21 09:22 104616 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2009-12-25 21:27 . 2008-10-21 09:22 26024 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2009-12-25 21:27 . 2008-10-21 09:22 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2009-12-25 21:27 . 2008-10-21 09:22 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2009-12-25 21:27 . 2008-10-21 09:22 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2009-12-25 21:27 . 2008-10-21 09:22 114600 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2009-12-25 21:27 . 2008-10-21 09:22 86824 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2009-12-25 21:27 . 2008-10-21 09:22 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2009-12-25 21:27 . 2008-10-21 09:22 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys
2009-12-25 21:18 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-25 21:18 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-25 21:18 . 2004-08-17 14:45 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-12-25 21:18 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-25 21:18 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-25 21:18 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-25 21:18 . 2004-08-17 14:44 25600 -c--a-w- c:\windows\system32\dllcache\hidbth.sys
2009-12-25 21:18 . 2004-08-17 14:44 25600 ----a-w- c:\windows\system32\drivers\hidbth.sys
2009-12-25 21:17 . 2004-08-03 22:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2009-12-25 21:17 . 2004-08-03 22:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2009-12-21 12:15 . 2009-12-21 12:15 -------- d-----w- c:\program files\OLYMPUS
2009-12-21 12:14 . 2009-12-21 12:14 -------- d-----w- c:\program files\MSXML 4.0
2009-12-21 10:35 . 2010-01-03 21:20 -------- d-----w- c:\program files\MSECACHE
2009-12-21 09:29 . 2009-12-21 09:29 1010688 ----a-w- C:\oko.msi
2009-12-21 00:29 . 2009-12-21 00:29 -------- d-----w- c:\program files\WPMP150
2009-12-20 16:27 . 2009-12-20 16:35 -------- d-----w- c:\program files\Minilyrics
2009-12-19 19:32 . 2009-12-19 19:33 -------- d-----w- c:\program files\SuperScan
2009-12-19 15:37 . 2009-12-19 15:37 -------- d-----w- c:\program files\LopeSoft
2009-12-19 15:19 . 2009-12-20 20:10 2048 ----a-w- c:\windows\asilft.dat
2009-12-19 15:19 . 2009-12-20 20:10 -------- d-----w- c:\program files\CAVU Software
2009-12-19 15:14 . 2009-12-19 15:14 -------- d-----w- c:\program files\OpenXX
2009-12-19 15:01 . 2010-01-03 21:02 -------- d-----w- c:\program files\Fast Explorer
2009-12-18 14:18 . 2009-12-18 14:21 -------- d-----w- c:\program files\Vertus Play With Pictures
2009-12-16 09:11 . 2009-12-16 09:11 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE
2009-12-15 20:40 . 2009-12-15 20:40 13952 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 23:34 . 2009-06-29 23:51 -------- d-----w- c:\program files\SpeedFan
2010-01-10 11:58 . 2009-11-18 00:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-09 11:20 . 2009-07-12 20:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-08 09:43 . 2009-11-30 12:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-03 21:45 . 2009-12-02 15:57 -------- d-----w- c:\program files\JDownloader
2010-01-03 21:07 . 2009-06-17 07:34 -------- d-----w- c:\program files\IObit
2009-12-28 06:50 . 2009-05-25 14:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 13:19 . 2009-11-12 10:00 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-26 13:19 . 2009-11-12 10:00 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-26 11:58 . 2009-12-02 17:16 -------- d-----w- c:\program files\Miranda IM KP v5.0.8.5
2009-12-25 21:24 . 2009-05-02 14:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 21:15 . 2006-03-02 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-12-25 21:15 . 2006-03-02 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-12-20 23:50 . 2009-11-12 10:00 -------- d-----w- c:\program files\COMODO
2009-12-20 22:39 . 2009-08-17 08:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-20 22:37 . 2009-08-09 16:19 -------- d-----w- c:\program files\Trezor
2009-12-20 21:28 . 2009-07-11 00:21 -------- d-----w- c:\program files\Zoner
2009-12-20 20:43 . 2009-08-03 21:18 -------- d-----w- c:\program files\Common Files\GTK
2009-12-20 20:17 . 2009-07-06 11:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-20 20:15 . 2009-05-16 16:32 -------- d-----w- c:\program files\Common Files\Totem Shared
2009-12-14 08:39 . 2009-07-16 13:07 -------- d-----w- c:\program files\CCleaner
2009-12-11 09:45 . 2009-12-11 09:45 774144 ----a-w- c:\windows\system32\kcpp.dll
2009-12-07 06:44 . 2009-11-21 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-06 19:04 . 2009-05-11 06:30 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-06 13:14 . 2009-07-01 20:01 -------- d-----w- c:\program files\Digital Video Converter
2009-12-04 19:38 . 2009-07-03 12:48 -------- d-----w- c:\program files\FreeCommander
2009-12-03 15:14 . 2009-11-21 21:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-11-21 21:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 16:27 . 2009-12-01 16:27 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-11-30 10:36 . 2009-11-30 10:36 456167 ----a-w- c:\windows\Natura Sound Therapy Uninstaller.exe
2009-11-30 10:36 . 2009-11-30 10:36 -------- d-----w- c:\program files\Natura Sound Therapy
2009-11-28 15:20 . 2009-11-28 15:20 -------- d-----w- c:\program files\Microsoft SDKs
2009-11-28 08:24 . 2009-11-27 13:18 -------- d-----w- c:\program files\Common Files\Reallusion
2009-11-27 13:09 . 2009-11-27 13:05 -------- d-----w- c:\program files\ASCII Art Maker 1.7
2009-11-25 23:06 . 2009-11-25 23:06 34384 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-11-24 23:54 . 2009-07-30 08:11 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-07-30 08:12 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-07-30 08:12 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-07-30 08:12 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-07-30 08:12 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-07-30 08:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 15:44 . 2009-05-11 07:07 -------- d-----w- c:\program files\Opera
2009-11-24 07:46 . 2009-11-24 07:46 -------- d-----w- c:\program files\VDMSound
2009-11-24 07:33 . 2009-07-05 16:10 -------- d-----w- c:\program files\DOSBox-0.72
2009-11-22 21:07 . 2009-11-22 21:07 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-22 21:07 . 2009-11-22 21:07 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-22 21:07 . 2009-11-22 21:07 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-11-22 21:06 . 2009-11-22 21:06 -------- d-----w- c:\program files\Common Files\Blueberry Software
2009-11-20 11:16 . 2009-11-20 11:16 89 ----a-w- c:\windows\rafazon.bat
2009-11-19 16:29 . 2009-11-19 16:29 -------- d-----w- c:\program files\NCS Z-tools.he
2009-11-19 09:23 . 2009-11-19 09:12 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-11-19 09:16 . 2009-11-19 09:16 -------- d-----w- c:\program files\Common Files\ABBYY
2009-11-18 10:10 . 2009-11-12 10:00 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 10:10 . 2009-11-12 10:00 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-13 23:55 . 2009-11-13 23:55 -------- d-----w- c:\program files\Realtek
2009-11-13 23:55 . 2009-11-13 23:55 319488 ----a-w- c:\windows\HideWin.exe
2009-11-13 21:15 . 2009-11-13 21:15 720896 ----a-w- c:\windows\iun6002.exe
2009-10-16 07:31 . 2009-10-16 07:31 102400 ----a-w- c:\windows\EarthView.scr
2009-06-04 07:40 . 2009-05-25 15:23 0 -csha-w- c:\windows\system32\sys_drv.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VTTimer"="VTTimer.exe" [2009-06-18 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODDRMBS\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2009-11-18 10:09 1800464 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"FriendSea Presenter"=c:\documents and settings\Torrentino\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"VTTrayp"=VTtrayp.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SDaemon"=c:\windows\sdaemon.exe
"SWd"=c:\windows\winwd.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"IMJPMIG8.1"=c:\windows\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31. 7. 2008 19:45 20744]
R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [4. 7. 2009 23:45 4864]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 6. 2009 13:24 721904]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [18. 4. 2005 22:57 20352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30. 7. 2009 9:12 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12. 11. 2009 11:00 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12. 11. 2009 11:00 25160]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [29. 6. 2009 17:45 18152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16. 12. 2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16. 12. 2009 16:26 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30. 7. 2009 9:12 20560]
R2 ICQ Service;ICQ Service;c:\progra~1\ICQ6TO~1\ICQSER~1.EXE [8. 1. 2010 18:11 222968]
R2 ioperm;ioperm support for Cygwin driver;\??\c:\documents and settings\Torrentino\Plocha\cmospwd\cmospwd-4.6\windows\ioperm.sys --> c:\documents and settings\Torrentino\Plocha\cmospwd\cmospwd-4.6\windows\ioperm.sys [?]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [16. 12. 2009 10:09 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16. 12. 2009 10:11 65856]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [22. 11. 2009 22:07 4096]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7. 12. 2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2. 7. 2008 13:58 26248]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [16. 10. 2009 9:29 25088]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26. 11. 2009 0:06 34384]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25. 12. 2009 22:29 27632]
S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6. 12. 2007 19:03 660768]
S3 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27. 2. 2009 15:40 143467]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [4. 7. 2009 23:45 15872]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [25. 12. 2009 22:27 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [25. 12. 2009 22:27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [25. 12. 2009 22:27 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [25. 12. 2009 22:27 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [25. 12. 2009 22:27 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [25. 12. 2009 22:27 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [25. 12. 2009 22:27 109736]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16. 12. 2009 16:27 7408]
S3 XScanPF;XScanPF;\??\c:\documents and settings\Torrentino\Plocha\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys --> c:\documents and settings\Torrentino\Plocha\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys [?]
S4 HitmanPro35Crusader;Hitman Pro 3.5 Crusader;"c:\documents and settings\Torrentino\Plocha\Hitman_Pro_3.5.3.80\Hitman Pro 3.5.3.80\HitmanPro35.exe" /crusader --> c:\documents and settings\Torrentino\Plocha\Hitman_Pro_3.5.3.80\Hitman Pro 3.5.3.80\HitmanPro35.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-12-29 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-01-03 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = socks=
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\Torrentino\Data aplikací\Mozilla\Firefox\Profiles\p00u9z8c.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Applications Driver - svohost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 11:09
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84D721F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76d3fc3
\Driver\ACPI -> ACPI.sys @ 0xf742dcb8
\Driver\atapi -> 0x84d721f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Torrentino\Local Settings\TEMP\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\VTTimer.exe
.
**************************************************************************
.
Celkový čas: 2010-01-11 11:16:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-11 10:16

Před spuštěním: Volných bajtů: 13 485 764 608
Po spuštění: Volných bajtů: 13 466 824 704

- - End Of File - - AE99ED0F19011E7EBC4E7285910AC4F4

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#8 Post by earl »

:arrow: Click My Computer - Tools - Folder Options - View, untick "Hide protected operating system files" and select "Show hidden files and folders". After finishing all the procedures, revert the setting by the same route.

:arrow: Test on VIRUSTOTAL:

c:\windows\system32\drivers\hitmanpro35.sys

c:\windows\system32\kcpp.dll

c:\windows\system32\sys_drv.dat

c:\documents and settings\Torrentino\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe

c:\Windows\System32\drivers\atapi.sys

(quick guide: once the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners some ten minutes; paste the result here)

If the scanner says the file has already been analysed, have it analysed again.
c:\windows\system32\drivers\hitmanpro35.sys
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WON'T LOSE IT IN THE EVENT OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN INITIATIVE, ONLY IF YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM UNUSABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------


earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#10 Post by earl »

:arrow: Install Service Pack 3

How does the PC behave now?

ViroBijec
Visitor
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#11 Post by ViroBijec »

The PC behaves normally... I didn't notice any problem before either.
It was only about that mbr output.
So I'll install SP3... is it necessary?

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#12 Post by earl »

If you have automatic updates turned on, SP3 should get downloaded anyway.

Personally, I would install it right away.

Just to be safe, this as well.

:arrow: Download MBR

Save it to the desktop and run it; it creates a log file mbr.log. Paste the whole of it here.

ViroBijec
Visitor
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#13 Post by ViroBijec »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

It's just that the command cmd /c mbr.exe -t >log.txt&start log.txt still keeps printing:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84D721F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x84d721f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

Doesn't that mean something? Otherwise I'm off to install SP3.

ViroBijec
Visitor
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#14 Post by ViroBijec »

I understand that the moderator who was advising me may not be around, but I would like an answer to my question from anyone familiar with the problem. Thank you.

ViroBijec
Visitor
Posts: 28
Registered: 07 Feb 2009 15:24

Re: cmd /c mbr.exe -t >log.txt&start log.txt

#15 Post by ViroBijec »

Thanks for the reply.
Now it only shows:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK.
So is everything fine now and can I close the topic?
// Otherwise, the PC is somewhat faster... or does it just seem that way to me?
Could that fix have had an effect?
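As an added triage example (not code from this thread, from Gmer's tool or from the forum), here is a small Python parser for the mbr.exe output quoted in posts #13 and #15 above. It reads the "called modules" line, the ">>UNKNOWN [...]<<" marker and the "detected MBR rootkit hooks" list, and turns them into a verdict: the finding worth acting on is a hook such as "\Driver\atapi -> 0x84d721f8" whose target is a bare address backed by no loaded module, which is exactly what the UNKNOWN marker flags; after the cleanup, the same slot lists atapi.sys, viaide.sys and PCIIDEX.SYS, as in the last log. The two sample logs are constructed to match the shapes shown in the thread, and the field names, verdict labels and the "first line without ' -> ' ends the hook list" heuristic are my own assumptions about the tool's format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample logs modelled on the mbr.exe (Stealth MBR detector 0.3.7)
# output quoted in the thread; they are illustrative copies, not the poster's files.
LOG_HOOKED = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84D721F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76d3fc3
\Driver\atapi -> 0x84d721f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
"""

LOG_CLEAN = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK.
"""

# ">>UNKNOWN [0x84D721F8]<<": code in the disk I/O call chain that no loaded module accounts for
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# A hook target that is only an address, i.e. not resolved to "module @ address"
ADDR_ONLY_RE = re.compile(r"^0x[0-9A-Fa-f]+$")


@dataclass
class MbrReport:
    version: str = ""
    called_modules: list = field(default_factory=list)
    unknown_modules: list = field(default_factory=list)   # addresses of unbacked code
    hooks: list = field(default_factory=list)             # (hooked object, target) pairs
    unresolved_hooks: list = field(default_factory=list)  # hooks targeting a bare address
    mbr_consistent: bool = False                          # user-mode and kernel-mode MBR reads agree

    @property
    def verdict(self) -> str:
        # Verdict labels are this example's own, not the tool's.
        if self.unresolved_hooks or self.unknown_modules:
            return "suspicious"
        if self.hooks:
            return "hooked-by-known-module"   # e.g. a filter driver; worth a look, not a verdict
        if not self.mbr_consistent:
            return "mbr-not-verified"
        return "clean"


def parse_mbr_log(text: str) -> MbrReport:
    """Parse one mbr.exe log into an MbrReport (format assumptions derived from the thread)."""
    report = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Stealth MBR rootkit"):
            m = re.search(r"detector (\S+) by Gmer", line)
            report.version = m.group(1) if m else ""
        elif line.startswith("called modules:"):
            body = line[len("called modules:"):]
            report.unknown_modules = [a.lower() for a in UNKNOWN_RE.findall(body)]
            report.called_modules = UNKNOWN_RE.sub(" ", body).split()
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif in_hooks and " -> " in line:
            obj, _, target = line.partition(" -> ")
            report.hooks.append((obj, target))
            if ADDR_ONLY_RE.match(target):
                report.unresolved_hooks.append((obj, target.lower()))
        elif in_hooks:
            in_hooks = False  # first line without ' -> ' ends the hook list (assumption)
        if line.startswith("user & kernel MBR OK"):
            report.mbr_consistent = True
    return report


def describe(report: MbrReport) -> str:
    """One-line human-readable summary of a parsed log."""
    parts = [f"verdict={report.verdict}"]
    if report.unknown_modules:
        parts.append("unbacked code at " + ", ".join(report.unknown_modules))
    for obj, target in report.unresolved_hooks:
        parts.append(f"{obj} redirected to bare address {target}")
    return "; ".join(parts)


if __name__ == "__main__":
    for name, log in (("hooked", LOG_HOOKED), ("clean", LOG_CLEAN)):
        print(name, "->", describe(parse_mbr_log(log)))
```

Note that "user & kernel MBR OK" is set in both sample logs: the detector compares the MBR as read from user mode and from kernel mode, and that check passes even in the hooked log. The parser therefore does not let the OK line override the hook findings; a consistent MBR only rules out one hiding technique, while the atapi hook and the UNKNOWN address remain the open question, which is why the thread asked for the extra RSIT/GMER logs and a rerun after cleanup.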
