Prevention (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male

Prevention

Post by phpbb » 08 Nov 2009 13:53

Please do a preventive check.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:30, on 8. 11. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\QIP Infium JadrisPack\infium.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IStray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FriendSea Presenter] C:\Documents and Settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [3CXPhone] C:\Program Files\3CX VoIP
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5618 bytes

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Prevention

Post by pitimir » 08 Nov 2009 17:36

Hi, what problems are you having?

Download RSIT. Run it and click "Continue". When it finishes, a text file should open. Copy it here.
If something goes wrong, you will also find it at "C:\rsit\log.txt".
I don't like amateurism...

And the person the message is addressed to knows it :)

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male

Re: Prevention

Post by phpbb » 08 Nov 2009 18:41

Well, I don't know whether these are problems. But Explorer seems very slow to me, and IObit always finds some spyware, deletes it, and then finds the same one again and again. But I can't remember right now what it's called.

Logfile of random's system information tool 1.06 (written by random/random)
Run by tom at 2009-11-08 18:35:34
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (15%) free of 38 GB
Total RAM: 447 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:49, on 8. 11. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\QIP Infium JadrisPack\infium.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\tom\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tom.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IStray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FriendSea Presenter] C:\Documents and Settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [3CXPhone] C:\Program Files\3CX VoIP
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5783 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\DriverCure.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-14 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-08-29 161096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-03-04 512000]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2009-06-18 53248]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IStray.exe [2009-06-08 773392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"FriendSea Presenter"=C:\Documents and Settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe [2009-10-14 50688]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe [2008-09-01 9109296]
"VoipDiscount"=C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe -nosplash -minimized []
"3CXPhone"=C:\Program Files\3CX VoIP []
"PoivY"=C:\Program Files\PoivY.com\PoivY\PoivY.exe [2009-07-08 9167648]

C:\Documents and Settings\tom\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"Nová hodnota #1"=
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\DreamCom\DreamCom.exe"="C:\Program Files\DreamCom\DreamCom.exe:*:Enabled:DreamCom"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\UnrealTournament\System\UnrealTournament.exe"="C:\Program Files\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Clear FTP 2006\clearftp.exe"="C:\Program Files\Clear FTP 2006\clearftp.exe:*:Enabled:clearftp"
"C:\Program Files\Miranda IM KP v4.2\miranda32.exe"="C:\Program Files\Miranda IM KP v4.2\miranda32.exe:*:Enabled:Miranda IM"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Nokia\Devices\Nokia_6131_NFC_SDK_1_1\bin\emulator.exe"="C:\Nokia\Devices\Nokia_6131_NFC_SDK_1_1\bin\emulator.exe:*:Enabled:emulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\NCH Swift Sound\Talk\talk.exe"="C:\Program Files\NCH Swift Sound\Talk\talk.exe:*:Enabled:Express Talk"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ace Translator\AceTrans.exe"="C:\Program Files\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

======List of files/folders created in the last 1 months======

2009-11-08 18:35:34 ----D---- C:\rsit
2009-11-07 20:05:11 ----D---- C:\Program Files\Clone Shareware
2009-11-07 19:26:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\RH_Backups
2009-11-04 20:05:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Egoset
2009-11-04 20:04:41 ----D---- C:\Program Files\MyPlayCity.ru
2009-11-04 15:25:49 ----D---- C:\Program Files\Castle Knatterfels
2009-11-04 11:38:44 ----D---- C:\Program Files\PoivY.com
2009-11-04 10:20:30 ----D---- C:\Documents and Settings\tom\Data aplikací\NCH Swift Sound
2009-11-01 14:02:38 ----AD---- C:\WINDOWS\VDLL.DLL
2009-11-01 14:02:38 ----AD---- C:\WINDOWS\RUNDL132.EXE
2009-11-01 14:02:38 ----AD---- C:\WINDOWS\logo_1.exe
2009-10-29 13:14:34 ----D---- C:\Documents and Settings\tom\Data aplikací\JonDo
2009-10-18 21:06:13 ----D---- C:\Documents and Settings\tom\Data aplikací\Stardock
2009-10-17 14:54:42 ----A---- C:\WINDOWS\cdsutil.INI
2009-10-17 14:53:55 ----A---- C:\WINDOWS\ndet2000.INI
2009-10-17 14:52:24 ----D---- C:\Program Files\Net Detective
2009-10-16 09:29:18 ----D---- C:\Nokia
2009-10-16 09:28:57 ----HD---- C:\Program Files\Zero G Registry
2009-10-16 09:27:01 ----D---- C:\WINDOWS\system32\Temp
2009-10-16 09:00:33 ----D---- C:\Documents and Settings\tom\Data aplikací\TERMINAL Studio
2009-10-16 09:00:22 ----A---- C:\WINDOWS\system32\bass.dll
2009-10-16 09:00:21 ----D---- C:\Program Files\Free Anti-Smoking Screensaver
2009-10-16 08:31:59 ----D---- C:\Documents and Settings\tom\Data aplikací\DeskSoft
2009-10-15 20:52:00 ----D---- C:\Documents and Settings\tom\Data aplikací\Magic Academy 2
2009-10-15 20:34:24 ----D---- C:\Program Files\Nevosoft
2009-10-15 19:35:12 ----D---- C:\Program Files\Photo Collage Creator
2009-10-14 12:16:42 ----D---- C:\temp
2009-10-14 12:05:46 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-14 12:05:35 ----D---- C:\WINDOWS\system32\en-US
2009-10-14 12:05:25 ----D---- C:\Program Files\Reference Assemblies
2009-10-14 12:04:59 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-14 12:04:59 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-14 12:04:58 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-14 12:04:58 ----D---- C:\e290aabbdfd3e4a271b2bb
2009-10-14 11:58:47 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-10-11 22:31:07 ----A---- C:\WINDOWS\WaterIllusion.ini
2009-10-11 22:28:10 ----D---- C:\Program Files\Nufsoft
2009-10-11 10:55:20 ----D---- C:\Microsoft
2009-10-10 17:10:47 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-10-10 17:10:47 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-10-10 17:10:46 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-10-10 17:10:46 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-10-10 17:10:31 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-10-10 17:10:30 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-10-10 17:10:20 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-10-10 17:10:04 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-10-10 17:09:07 ----A---- C:\WINDOWS\system32\uniime.dll
2009-10-10 17:09:00 ----A---- C:\WINDOWS\system32\imjp81k.dll

======List of files/folders modified in the last 1 months======

2009-11-08 18:35:42 ----D---- C:\WINDOWS\Prefetch
2009-11-08 16:39:15 ----D---- C:\WINDOWS\temp
2009-11-08 12:28:05 ----A---- C:\WINDOWS\system32\bscs.ini
2009-11-08 00:04:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-07 21:56:31 ----D---- C:\Program Files\(Crimson) FF Fight Flash Animation
2009-11-07 21:55:48 ----D---- C:\Program Files\DreamCom
2009-11-07 20:11:37 ----RD---- C:\Program Files
2009-11-07 20:09:24 ----SD---- C:\Documents and Settings\tom\Data aplikací\Microsoft
2009-11-07 20:06:14 ----AD---- C:\WINDOWS
2009-11-07 20:06:05 ----D---- C:\WINDOWS\system32\ShellExt
2009-11-06 08:47:53 ----D---- C:\Program Files\SpeedFan
2009-11-05 13:14:23 ----D---- C:\Program Files\Mozilla Firefox
2009-11-05 00:09:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-04 20:49:26 ----A---- C:\WINDOWS\winsc32.ini
2009-11-04 10:59:27 ----SHD---- C:\WINDOWS\Installer
2009-11-04 10:59:27 ----D---- C:\WINDOWS\system32
2009-10-31 18:54:34 ----D---- C:\Program Files\UnrealTournament
2009-10-29 14:43:14 ----D---- C:\Program Files\Opera
2009-10-25 13:45:09 ----D---- C:\Documents and Settings\tom\Data aplikací\dvdcss
2009-10-25 13:24:23 ----D---- C:\Program Files\FreeRapid-0.82
2009-10-25 11:11:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-24 13:36:52 ----D---- C:\Documents and Settings\tom\Data aplikací\Skype
2009-10-20 17:28:05 ----D---- C:\Documents and Settings\tom\Data aplikací\skypePM
2009-10-18 21:32:45 ----D---- C:\Program Files\Stardock
2009-10-18 21:32:39 ----RSD---- C:\WINDOWS\assembly
2009-10-18 09:19:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-17 18:52:58 ----D---- C:\Program Files\Zoner
2009-10-17 18:52:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-17 16:28:26 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 16:20:16 ----D---- C:\Documents and Settings\tom\Data aplikací\Thinstall
2009-10-16 09:39:14 ----D---- C:\Program Files\Flash Player Pro
2009-10-16 09:30:37 ----HD---- C:\WINDOWS\inf
2009-10-16 09:27:34 ----D---- C:\WTK20
2009-10-16 09:27:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-14 13:07:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 12:07:32 ----D---- C:\WINDOWS\WinSxS
2009-10-14 12:05:38 ----D---- C:\Program Files\MSBuild
2009-10-14 12:05:32 ----RSD---- C:\WINDOWS\Fonts
2009-10-14 12:05:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-14 12:01:38 ----D---- C:\WINDOWS\system32\mui
2009-10-14 12:01:29 ----D---- C:\Program Files\Internet Explorer
2009-10-13 13:44:59 ----A---- C:\WINDOWS\ULEAD32.INI
2009-10-13 13:43:58 ----D---- C:\Program Files\phenomedia
2009-10-13 13:43:28 ----D---- C:\Program Files\Rainlendar2
2009-10-13 13:42:53 ----A---- C:\WINDOWS\QIII.INI
2009-10-13 13:42:51 ----D---- C:\Program Files\Quake III Arena
2009-10-13 13:42:11 ----D---- C:\Program Files\MyPlayCity.com
2009-10-13 13:40:23 ----D---- C:\Program Files\Evolution
2009-10-13 13:38:56 ----D---- C:\Program Files\Bomberic 2
2009-10-10 17:10:46 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-18 42496]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 25088]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2009-06-18 283904]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-02-01 176128]
S3 ags6ka8e;ags6ka8e; C:\WINDOWS\system32\drivers\ags6ka8e.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
S3 ASFWHide;ASFWHide; \??\C:\Documents and Settings\tom\Local Settings\TEMP\ASFWHide []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-03-05 39184]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mbr;mbr; \??\C:\DOCUME~1\TORREN~1\LOCALS~1\Temp\mbr.sys []
S3 mcdevice;mcdevice; C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2007-12-05 15872]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-28 47360]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2006-03-02 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-03-02 29184]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XScanPF;XScanPF; \??\C:\Documents and Settings\tom\Plocha\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-03-02 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-16 604416]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-16 361216]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 ISservice;ISservice; C:\Program Files\IObit\IObit Security 360\ISsrv.exe [2009-06-08 214800]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Prevention

Post by pitimir » 08 Nov 2009 19:34

I see MWAV was used - what did it find?

1) Run SAS over the machine - delete whatever it finds. Paste the log (you will find it under Statistics/Logs) and then you can uninstall it.


2) Test the file(s) on >>VIRUSTOTAL<<:

Code:

C:\Documents and Settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe

If it says the file has already been tested, have it tested again. Send the result as a LINK.
I don't like amateurism...

And the addressee of the link knows it :)

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male

Re: Prevention

Post by phpbb » 08 Nov 2009 20:42

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/08/2009 at 08:27 PM

Application Version : 4.29.1004

Core Rules Database Version : 4247
Trace Rules Database Version: 2138

Scan type : Quick Scan
Total Scan Time : 00:21:17

Memory items scanned : 477
Memory threats detected : 0
Registry items scanned : 432
Registry threats detected : 0
File items scanned : 7105
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\TOM\Cookies\TOM@toplist[1].txt

Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\TOM\DATA APLIKACí\THINSTALL\DRIVER GENIUS PROFESSIONAL EDITION\1000000600002I\SVCHOST.EXE

Trojan.Dropper/SVCHost-Fake
C:\DOCUMENTS AND SETTINGS\TOM\LOCAL SETTINGS\DATA APLIKACí\THINSTALL\CACHE\STUBS\99611C6D9E9BA32FC6B648BEB5EE199C46D3BB4\SVCHOST.EXE

Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\TOM\PLOCHA\EXEHELPER.COM

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\DOCUMENTS AND SETTINGS\TOM\PLOCHA\PROGRAMY\OSTATNí-PROGRAMY\SYSINTERNALSBLUESCREEN.SCR

virustotal: clean / I didn't manage to get the link because the PC restarted 0/40

I don't remember what MWAV found, but it was only tracking cookies and some spyware.

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Prevention

Post by pitimir » 10 Nov 2009 14:06

Where did you download that exeHelper from?

Download ComboFix, preferably to the desktop. Close all open applications as well as the resident antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Caution: until ComboFix produces the log, do not click or press anything!!

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male

Re: Prevention

Post by phpbb » 10 Nov 2009 18:23

It can't be downloaded from that link, and otherwise I've already downloaded two from elsewhere and each one says it has expired and offers to run in limited mode.

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male

Re: Prevention

Post by phpbb » 11 Nov 2009 17:57

The link works again.
ComboFix 09-11-09.02 - tom . 11. 2009 17:24.8.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.447.147 [GMT 1:00]
Spuštěný z: c:\documents and settings\tom\Plocha\vvv.exe
AV: avast! antivirus 4.8.1356 [VPS 091111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Microsoft
c:\microsoft\IMJP8_1\imjp81u.dic
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\regedit.com
c:\windows\system32\drivers\npf.sys
c:\windows\system32\MSN
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\wfxhelp22.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-10-11 do 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 21:27 . 2009-11-10 21:27 -------- d-----w- c:\program files\XdN Software
2009-11-09 19:19 . 2009-11-09 19:19 -------- d-----w- C:\stepup
2009-11-08 17:35 . 2009-11-08 17:35 -------- d-----w- C:\rsit
2009-11-07 19:05 . 2009-11-07 19:05 -------- d-----w- c:\program files\Clone Shareware
2009-11-04 19:04 . 2009-11-04 19:04 -------- d-----w- c:\program files\MyPlayCity.ru
2009-11-04 14:25 . 2009-11-04 14:33 -------- d-----w- c:\program files\Castle Knatterfels
2009-11-04 10:38 . 2009-11-04 10:38 -------- d-----w- c:\program files\PoivY.com
2009-11-01 13:02 . 2009-11-01 13:02 -------- d---a-w- c:\windows\VDLL.DLL
2009-11-01 13:02 . 2009-11-01 13:02 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-11-01 13:02 . 2009-11-01 13:02 -------- d---a-w- c:\windows\logo_1.exe
2009-10-17 13:52 . 2009-10-17 13:58 -------- d-----w- c:\program files\Net Detective
2009-10-16 08:29 . 2004-11-26 09:15 25088 ----a-w- c:\windows\system32\drivers\ncfvsbus.sys
2009-10-16 08:29 . 2004-11-26 09:15 12288 ----a-w- c:\windows\system32\drivers\ncfvcom.sys
2009-10-16 08:29 . 2009-10-16 08:29 -------- d-----w- c:\documents and settings\tom\.Nokia
2009-10-16 08:29 . 2009-10-16 08:29 -------- d-----w- C:\Nokia
2009-10-16 08:28 . 2009-10-16 08:30 -------- d--h--w- c:\program files\Zero G Registry
2009-10-16 08:28 . 2009-10-16 08:28 -------- d--h--w- c:\documents and settings\tom\InstallAnywhere
2009-10-16 08:27 . 2009-10-16 08:27 -------- d-----w- c:\windows\system32\Temp
2009-10-16 08:00 . 2008-02-14 15:57 8126464 ----a-w- c:\windows\system32\Free Anti-Smoking Screensaver.scr
2009-10-16 08:00 . 2006-02-15 14:26 92216 ----a-w- c:\windows\system32\bass.dll
2009-10-16 08:00 . 2009-10-16 08:00 -------- d-----w- c:\program files\Free Anti-Smoking Screensaver
2009-10-16 07:31 . 2009-10-16 07:31 102400 ----a-w- c:\windows\EarthView.scr
2009-10-15 19:34 . 2009-10-15 19:34 -------- d-----w- c:\program files\Nevosoft
2009-10-15 18:35 . 2009-10-15 18:35 -------- d-----w- c:\program files\Photo Collage Creator
2009-10-14 11:16 . 2009-10-14 13:22 -------- d-----w- C:\temp
2009-10-14 11:05 . 2009-10-14 11:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-14 11:05 . 2009-10-14 11:05 -------- d-----w- c:\program files\Reference Assemblies
2009-10-14 11:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-14 11:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-14 11:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-14 11:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-14 11:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-14 11:04 . 2009-10-14 11:05 -------- d-----w- C:\e290aabbdfd3e4a271b2bb
2009-10-14 11:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-14 11:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 11:03 . 2009-07-09 14:27 -------- d-----w- c:\program files\FreeRapid-0.82
2009-11-10 07:03 . 2009-06-29 23:51 -------- d-----w- c:\program files\SpeedFan
2009-11-08 19:02 . 2009-07-30 07:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-08 19:02 . 2009-05-25 14:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-07 20:56 . 2009-05-11 08:29 -------- d-----w- c:\program files\(Crimson) FF Fight Flash Animation
2009-11-07 20:55 . 2009-05-19 22:05 -------- d-----w- c:\program files\DreamCom
2009-11-07 16:48 . 2009-07-28 14:28 -------- d-----w- c:\program files\Zwangi
2009-10-31 17:54 . 2009-06-14 12:34 -------- d-----w- c:\program files\UnrealTournament
2009-10-29 13:43 . 2009-05-11 07:07 -------- d-----w- c:\program files\Opera
2009-10-25 10:11 . 2006-03-02 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 10:11 . 2006-03-02 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-10-18 20:32 . 2009-09-10 15:59 -------- d-----w- c:\program files\Stardock
2009-10-18 08:19 . 2009-05-13 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 17:52 . 2009-07-11 00:21 -------- d-----w- c:\program files\Zoner
2009-10-16 08:39 . 2009-05-11 09:31 -------- d-----w- c:\program files\Flash Player Pro
2009-10-16 08:27 . 2009-05-02 14:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 11:05 . 2009-09-01 15:22 -------- d-----w- c:\program files\MSBuild
2009-10-13 12:43 . 2009-05-11 16:50 -------- d-----w- c:\program files\phenomedia
2009-10-13 12:43 . 2009-09-18 08:35 -------- d-----w- c:\program files\Rainlendar2
2009-10-13 12:42 . 2009-06-08 13:05 -------- d-----w- c:\program files\Quake III Arena
2009-10-13 12:42 . 2009-08-01 09:10 -------- d-----w- c:\program files\MyPlayCity.com
2009-10-13 12:40 . 2009-07-24 18:24 -------- d-----w- c:\program files\Evolution
2009-10-13 12:38 . 2009-05-15 12:29 -------- d-----w- c:\program files\Bomberic 2
2009-10-11 21:28 . 2009-10-11 21:28 -------- d-----w- c:\program files\Nufsoft
2009-10-05 12:39 . 2009-07-03 12:48 -------- d-----w- c:\program files\FreeCommander
2009-10-04 16:00 . 2009-10-04 16:00 -------- d-----w- c:\program files\PSPad editor
2009-10-04 10:46 . 2009-10-04 10:46 -------- d-----w- c:\program files\Truster
2009-10-03 14:30 . 2009-10-03 14:29 -------- d-----w- c:\program files\Dlužníci - Úpadci
2009-09-29 20:26 . 2009-09-29 20:26 -------- d-----w- c:\program files\softendo.com
2009-09-29 15:50 . 2009-09-29 15:50 705850 ----a-w- C:\phprs_v2-8-1_cz.zip
2009-09-29 13:01 . 2009-06-09 20:36 -------- d-----w- c:\program files\IrfanView
2009-09-29 11:27 . 2009-09-29 11:25 -------- d-----w- c:\program files\NetMeter
2009-09-29 10:50 . 2009-09-29 10:50 -------- d-----w- c:\program files\Ashampoo
2009-09-28 11:15 . 2009-09-28 11:15 -------- d-----w- c:\program files\ZJSoftware
2009-09-26 10:31 . 2009-09-26 10:31 -------- d-----r- c:\program files\Skype
2009-09-26 10:31 . 2009-09-26 10:31 -------- d-----w- c:\program files\Common Files\Skype
2009-09-22 14:56 . 2009-09-09 16:48 -------- d-----w- c:\program files\AV Vcs 4.0 DIAMOND
2009-09-22 01:57 . 2009-09-15 12:59 -------- d-----w- c:\program files\Common Files\BinarySense
2009-09-21 15:40 . 2009-09-21 14:25 -------- d-----w- c:\program files\Clear FTP 2006
2009-09-18 08:45 . 2009-09-18 08:45 -------- d-----w- c:\program files\Poedit
2009-09-18 08:21 . 2009-09-18 08:21 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-18 08:21 . 2009-09-18 08:21 -------- d-----w- c:\program files\ParetoLogic
2009-09-17 14:18 . 2009-06-26 12:43 -------- d-----w- c:\program files\OperaBlocks
2009-09-15 13:50 . 2009-09-15 13:50 -------- d-----w- c:\program files\Extreme EXE
2009-09-15 10:59 . 2009-07-30 08:11 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-07-30 08:12 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-07-30 08:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-07-30 08:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-07-30 08:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-07-30 08:12 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-07-30 08:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-07-30 08:12 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-07-30 08:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 15:02 . 2009-09-10 15:02 160 ----a-w- c:\windows\LearsyShare.dat
2009-09-10 12:54 . 2009-05-13 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-05-13 11:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 10:26 . 2009-08-31 10:24 4492090 ----a-w- c:\windows\REGBK00.ZIP
2009-08-31 09:53 . 2009-08-31 09:53 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-08-31 09:53 . 2009-08-31 09:53 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-08-31 09:53 . 2009-08-31 09:53 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-08-30 11:42 . 2009-08-30 11:35 8129 ----a-w- c:\windows\mozver.dat
2009-08-30 11:36 . 2009-04-30 10:05 335 ----a-w- c:\windows\nsreg.dat
2009-08-29 15:11 . 2009-08-29 14:48 4 ----a-w- c:\windows\info147.sys
2009-08-16 17:58 . 2009-08-16 17:58 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-16 17:58 . 2009-08-16 17:58 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-04 12:20 . 2009-06-04 12:20 29 ----a-w- c:\program files\hdtv.sys
2009-06-04 12:20 . 2009-06-04 12:20 23 ----a-w- c:\program files\hfkud16.sys
2009-06-04 07:40 . 2009-05-25 15:23 0 --sha-w- c:\windows\system32\sys_drv.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FriendSea Presenter"="c:\documents and settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\pres..tion_52c63c2ab491981b_0001.0002_05a35518c9a715d1\Presenter.exe" [2009-10-14 50688]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2008-09-01 9109296]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" [2009-07-08 9167648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IStray.exe" [2009-06-08 773392]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2009-06-18 53248]

c:\documents and settings\tom\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODDRMBS\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
"Google Update"="c:\documents and settings\tom\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"myweather"="c:\program files\MyFreeWeather\MyWeather.exe" /autorun
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DriverCure"=c:\program files\ParetoLogic\DriverCure\DriverCure.exe -scan
"c:\program files\NetMeter\NetMeter.exe"=c:\program files\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"VTTrayp"=VTtrayp.exe
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IObit Security 360"=c:\program files\IObit\IObit Security 360\IStray.exe
"SeePassword"=c:\program files\SeePassword\SeePassword.exe
"SDaemon"=c:\windows\sdaemon.exe
"SWd"=c:\windows\winwd.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"Ashampoo FireWall PRO"="c:\program files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"IMJPMIG8.1"=c:\windows\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Clear FTP 2006\\clearftp.exe"=
"c:\\Program Files\\Miranda IM KP v4.2\\miranda32.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Nokia\\Devices\\Nokia_6131_NFC_SDK_1_1\\bin\\emulator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31. 7. 2008 19:45 20744]
R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [4. 7. 2009 23:45 4864]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [18. 4. 2005 22:57 20352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30. 7. 2009 9:12 114768]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [29. 6. 2009 17:45 18152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12. 10. 2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12. 10. 2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30. 7. 2009 9:12 20560]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27. 2. 2009 15:40 143467]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [16. 8. 2009 18:58 604416]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7. 12. 2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2. 7. 2008 13:58 26248]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [16. 10. 2009 9:29 25088]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12. 10. 2009 21:24 7408]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [4. 7. 2009 23:45 15872]
S3 XScanPF;XScanPF;\??\c:\documents and settings\tom\Plocha\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys --> c:\documents and settings\tom\Plocha\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys [?]
S4 ISservice;ISservice;c:\program files\IObit\IObit Security 360\ISsrv.exe [6. 7. 2009 11:23 214800]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr
.
Obsah adresáře 'Naplánované úlohy'

2009-11-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-09-21 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-04-26 12:44]

2009-11-10 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-11-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\tom\Data aplikací\Mozilla\Firefox\Profiles\umdvs8yl.default\
FF - prefs.js: network.proxy.http - 200.65.129.2
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----

FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 17:41
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x845891F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x845891f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\tom\Local Settings\TEMP\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-11-11 17:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-11 16:52

Před spuštěním: 7 308 513 280
Po spuštění: 7 216 357 376

- - End Of File - - 3675A63C52A04FDE06826D5ACE84DF81
MBR rootkit? :cry:

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Prevention

Post by pitimir » 11 Nov 2009 18:19

There was a bug in CF, it was taken offline for a few hours...
That MBR rootkit is unlikely, but we'll take a look at it:

Download RootRepeal. Run the program, click "Report" -> "Scan" and tick all the items. Press "OK" and the scan will start. When it finishes, click "Save Report" and copy the resulting log here.

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male

Re: Prevention

Post by phpbb » 11 Nov 2009 18:37

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/11 18:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\vvv\catchme.sys
Address: 0xF799C000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF768C000 Size: 60416 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7BE4000 Size: 1664 File Visible: No Signed: -
Status: -

Name: PCI_PNP9602
Image Path: \Driver\PCI_PNP9602
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7B48000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC6A2000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF7B22000 Size: 5248 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwi.sys
Image Path: spwi.sys
Address: 0xF741A000 Size: 1052672 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\tom\Local Settings\Data aplikací\Opera\Opera\icons\http%3A%2F%2Fqip-jadrispack.ic.cz%2Ffavicon.ico
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\manifests\Presenter.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\tom\Local Settings\Apps\2.0\44B1XRO7.J0H\7D6D1ANH.5OQ\manifests\Presenter.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573ba52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b14c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spwi.sys" at address 0xf7439ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spwi.sys" at address 0xf743a032

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b0f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spwi.sys" at address 0xf743a10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf573b8ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf58b90b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x845891f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x843231f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x843d11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8458a1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x83f281f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x83f281f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83f281f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83f281f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x83f281f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x83f281f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_CREATE]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_CLOSE]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_POWER]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: a9px59b4ȅ瑎䍆ȁᰑ婢萨ȆĀ, IRP_MJ_PNP]
Process: System Address: 0x842df1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x843ba1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x83d751f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_READ]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x8423a500 Size: 121

==EOF==
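A triage script for the report above, added here as an example; it is not code from the thread, from the poster, or from the anti-rootkit tool that produced the log (the layout matches RootRepeal's, which is my identification, the thread does not name it). It parses the two record types visible in the log, the SSDT hook entries ("#: ... Function Name ... Hooked by ...") and the "Stealth Objects" hidden-code entries, and reports what an analyst wants first: which module hooks which native services, which hooking modules the tool could only name rather than map to a file path (as with "spwi.sys" above), which drivers have every IRP handler resolving to one address (the pattern every driver in the posted log shows, consistent with a whole dispatch table redirected to one routine rather than individual functions being patched), and which driver names carry junk after the real name (as with the "Cdfs..." entries). SAMPLE_REPORT is constructed for the example: its real lines are copied from the posted log, and the "Fake" driver with two hook addresses is invented to show the contrast.

```python
# Added example: triage for a RootRepeal-style anti-rootkit report (not code
# from the thread or from the tool). SAMPLE_REPORT is constructed: the real
# lines are copied from the posted log, the "Fake" driver is invented.
import re
from collections import defaultdict

SSDT_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\S+)[ \t]*\n'
    r'Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)'
)
STEALTH_RE = re.compile(
    r'Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_\w+)\][ \t]*\n'
    r'Process: (?P<process>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)'
)

SAMPLE_REPORT = """\
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\\WINDOWS\\System32\\Drivers\\aswSP.SYS" at address 0xf573b64e

#: 160 Function Name: NtQueryKey
Status: Hooked by "spwi.sys" at address 0xf743a10a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.sys" at address 0xf58b90b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x845871f8 Size: 121

Object: Hidden Code [Driver: Cdfs\u0205\u0c05, IRP_MJ_CREATE]
Process: System Address: 0x8423a500 Size: 121

Object: Hidden Code [Driver: Fake, IRP_MJ_CREATE]
Process: System Address: 0x84000100 Size: 121

Object: Hidden Code [Driver: Fake, IRP_MJ_READ]
Process: System Address: 0x84000200 Size: 121
"""

def parse_report(text):
    """Split a report into its SSDT hook records and hidden-code records."""
    ssdt = [m.groupdict() for m in SSDT_RE.finditer(text)]
    stealth = [m.groupdict() for m in STEALTH_RE.finditer(text)]
    for rec in ssdt:
        rec['index'] = int(rec['index'])
    for rec in stealth:
        rec['size'] = int(rec['size'])
    return {'ssdt': ssdt, 'stealth': stealth}

def hooks_by_module(ssdt):
    """Hooking module -> sorted list of the native services it hooks."""
    out = defaultdict(list)
    for rec in ssdt:
        out[rec['module']].append(rec['func'])
    return {mod: sorted(funcs) for mod, funcs in out.items()}

def unresolved_modules(ssdt):
    """Hooking modules the tool could only name, not map to a file path;
    these are the ones the analyst has to locate and identify by hand."""
    return sorted({rec['module'] for rec in ssdt if '\\' not in rec['module']})

def dispatch_summary(stealth):
    """Driver -> {hook address: [IRP_MJ_* functions resolving to it]}."""
    out = defaultdict(lambda: defaultdict(list))
    for rec in stealth:
        out[rec['driver']][rec['addr']].append(rec['irp'])
    return {drv: dict(addrs) for drv, addrs in out.items()}

def single_routine_drivers(stealth):
    """Drivers whose every reported IRP handler is the same address: the
    pattern of a whole dispatch table redirected to one routine."""
    return sorted(d for d, addrs in dispatch_summary(stealth).items() if len(addrs) == 1)

def garbled_driver_names(stealth):
    """Raw driver name -> printable-ASCII prefix, for names that carry
    non-printable or non-ASCII junk after the real name."""
    bad = {}
    for rec in stealth:
        name = rec['driver']
        if not all(32 <= ord(c) < 127 for c in name):
            bad[name] = ''.join(c for c in name if 32 <= ord(c) < 127)
    return bad

def triage(text):
    """One-shot summary: what hooks what, and what needs a second look."""
    r = parse_report(text)
    return {
        'ssdt_hooks_by_module': hooks_by_module(r['ssdt']),
        'ssdt_modules_without_path': unresolved_modules(r['ssdt']),
        'drivers_with_one_hook_routine': single_routine_drivers(r['stealth']),
        'garbled_driver_names': garbled_driver_names(r['stealth']),
    }

if __name__ == '__main__':
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2, ensure_ascii=False))
```

Run it as a script to get the summary as JSON, or call triage() on the text of a saved report. The module list from hooks_by_module is the starting point for the manual step the responder is doing in this thread: deciding whether each hooking module belongs to an installed security product (the aswSP.SYS and SASKUTIL.sys entries carry their full paths and product directories) or is something that still has to be located and identified.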

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Prevention (Solved)

Post by pitimir » 12 Nov 2009 14:40

In my opinion CF is talking nonsense, I don't see any MBR [infection]... try this as well, and if it finds nothing, we'll wrap it up as OK :)
Use:
- Mebroot Fixtool
- EMebRemover

Let me know what they find.
I don't like amateurism...

And the addressee of the message knows it :)

phpbb
newbie
Posts: 17
Registered: October 09
Gender: Male
Status: Offline

Re: Prevention

Post by phpbb » 12 Nov 2009 15:41

It's clean, so if I may close this, thank you for the help, and I hope I won't need it again in the future :-D

