ComboFix 07-10-30.5 - S 2007-10-31 15:33:05.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.165 [GMT 1:00]
Running from: C:\Documents and Settings\S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\S\Desktop\CFScript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Kaspersky Lab
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\ah.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\ah.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\as.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\bb.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\cf.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\credits.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\hints.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\main.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\mc.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\oas.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\prot.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\report.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\sc.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\scan.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\service.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\settings.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\spy.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\updater.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\main.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\report.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\scan.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\settings.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\AVPCCCfg.log
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\AVPCCServ.log
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\AVPCCUser.log
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\BACKUP\AvpM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\INSTALL.LOG
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\Report\avp32.rpt
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\Report\avpm.rpt
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\Report\avpupd.rep
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\lambda.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\ahzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\aszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\bbzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\cfzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\creditszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\hintszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\mainzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\mczal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\oaszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\protzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\reportzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\scanzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\sczal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\servicezal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\settingszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\spyzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\updaterzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\kis7_eng_75.jpg
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\lambda.txt
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\Thumbs.db
C:\Program Files\Panda Security
C:\WINDOWS\BDOSCAN8
C:\WINDOWS\BDOSCAN8\avxdisk.dll
C:\WINDOWS\BDOSCAN8\avxs.dll
C:\WINDOWS\BDOSCAN8\avxt.dll
C:\WINDOWS\BDOSCAN8\bdcore.dll
C:\WINDOWS\BDOSCAN8\bdoscan.ini
C:\WINDOWS\BDOSCAN8\bdoscan.log
C:\WINDOWS\BDOSCAN8\bdupd.dll
C:\WINDOWS\BDOSCAN8\bdupd.dll.updpnd
C:\WINDOWS\BDOSCAN8\boot.xmd
C:\WINDOWS\BDOSCAN8\ipsupd.dll
C:\WINDOWS\BDOSCAN8\lang.ini
C:\WINDOWS\BDOSCAN8\libfn.dll
C:\WINDOWS\BDOSCAN8\librtvr.dll
C:\WINDOWS\BDOSCAN8\live.ini
C:\WINDOWS\BDOSCAN8\oscan8.ocx
C:\WINDOWS\BDOSCAN8\oscan82.ocx
C:\WINDOWS\BDOSCAN8\plugins.htm
C:\WINDOWS\BDOSCAN8\plugins\7zip.xmd
C:\WINDOWS\BDOSCAN8\plugins\access.xmd
C:\WINDOWS\BDOSCAN8\plugins\ace.xmd
C:\WINDOWS\BDOSCAN8\plugins\adsntfs.xmd
C:\WINDOWS\BDOSCAN8\plugins\alz.xmd
C:\WINDOWS\BDOSCAN8\plugins\arc.xmd
C:\WINDOWS\BDOSCAN8\plugins\arj.xmd
C:\WINDOWS\BDOSCAN8\plugins\bach.xmd
C:\WINDOWS\BDOSCAN8\plugins\boot.xmd
C:\WINDOWS\BDOSCAN8\plugins\bzip2.xmd
C:\WINDOWS\BDOSCAN8\plugins\cab.xmd
C:\WINDOWS\BDOSCAN8\plugins\ceva_dll.cvd
C:\WINDOWS\BDOSCAN8\plugins\ceva_emu.cvd
C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.cvd
C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.ivd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.cvd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.ivd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.rvd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.xmd
C:\WINDOWS\BDOSCAN8\plugins\cpio.xmd
C:\WINDOWS\BDOSCAN8\plugins\cran.cvd
C:\WINDOWS\BDOSCAN8\plugins\cran.ivd
C:\WINDOWS\BDOSCAN8\plugins\cran.xmd
C:\WINDOWS\BDOSCAN8\plugins\dbx.xmd
C:\WINDOWS\BDOSCAN8\plugins\docfile.xmd
C:\WINDOWS\BDOSCAN8\plugins\emalware.cvd
C:\WINDOWS\BDOSCAN8\plugins\emalware.i01
C:\WINDOWS\BDOSCAN8\plugins\emalware.i02
C:\WINDOWS\BDOSCAN8\plugins\emalware.i03
C:\WINDOWS\BDOSCAN8\plugins\emalware.i04
C:\WINDOWS\BDOSCAN8\plugins\emalware.i05
C:\WINDOWS\BDOSCAN8\plugins\emalware.i06
C:\WINDOWS\BDOSCAN8\plugins\emalware.i07
C:\WINDOWS\BDOSCAN8\plugins\emalware.i08
C:\WINDOWS\BDOSCAN8\plugins\emalware.i09
C:\WINDOWS\BDOSCAN8\plugins\emalware.i10
C:\WINDOWS\BDOSCAN8\plugins\emalware.i11
C:\WINDOWS\BDOSCAN8\plugins\emalware.i12
C:\WINDOWS\BDOSCAN8\plugins\emalware.i13
C:\WINDOWS\BDOSCAN8\plugins\emalware.i14
C:\WINDOWS\BDOSCAN8\plugins\emalware.i15
C:\WINDOWS\BDOSCAN8\plugins\emalware.i16
C:\WINDOWS\BDOSCAN8\plugins\emalware.i17
C:\WINDOWS\BDOSCAN8\plugins\emalware.i18
C:\WINDOWS\BDOSCAN8\plugins\emalware.i19
C:\WINDOWS\BDOSCAN8\plugins\emalware.i20
C:\WINDOWS\BDOSCAN8\plugins\emalware.i21
C:\WINDOWS\BDOSCAN8\plugins\emalware.i22
C:\WINDOWS\BDOSCAN8\plugins\emalware.i23
C:\WINDOWS\BDOSCAN8\plugins\emalware.i24
C:\WINDOWS\BDOSCAN8\plugins\emalware.i25
C:\WINDOWS\BDOSCAN8\plugins\emalware.i26
C:\WINDOWS\BDOSCAN8\plugins\emalware.i27
C:\WINDOWS\BDOSCAN8\plugins\emalware.i28
C:\WINDOWS\BDOSCAN8\plugins\emalware.i29
C:\WINDOWS\BDOSCAN8\plugins\emalware.i30
C:\WINDOWS\BDOSCAN8\plugins\emalware.i31
C:\WINDOWS\BDOSCAN8\plugins\emalware.i32
C:\WINDOWS\BDOSCAN8\plugins\emalware.i33
C:\WINDOWS\BDOSCAN8\plugins\emalware.i34
C:\WINDOWS\BDOSCAN8\plugins\emalware.i35
C:\WINDOWS\BDOSCAN8\plugins\emalware.i36
C:\WINDOWS\BDOSCAN8\plugins\emalware.i37
C:\WINDOWS\BDOSCAN8\plugins\emalware.i38
C:\WINDOWS\BDOSCAN8\plugins\emalware.i39
C:\WINDOWS\BDOSCAN8\plugins\emalware.i40
C:\WINDOWS\BDOSCAN8\plugins\emalware.i41
C:\WINDOWS\BDOSCAN8\plugins\emalware.i42
C:\WINDOWS\BDOSCAN8\plugins\emalware.i43
C:\WINDOWS\BDOSCAN8\plugins\emalware.i44
C:\WINDOWS\BDOSCAN8\plugins\emalware.i45
C:\WINDOWS\BDOSCAN8\plugins\emalware.i46
C:\WINDOWS\BDOSCAN8\plugins\emalware.i47
C:\WINDOWS\BDOSCAN8\plugins\emalware.i48
C:\WINDOWS\BDOSCAN8\plugins\emalware.i49
C:\WINDOWS\BDOSCAN8\plugins\emalware.i50
C:\WINDOWS\BDOSCAN8\plugins\emalware.i51
C:\WINDOWS\BDOSCAN8\plugins\emalware.i52
C:\WINDOWS\BDOSCAN8\plugins\emalware.i53
C:\WINDOWS\BDOSCAN8\plugins\emalware.i54
C:\WINDOWS\BDOSCAN8\plugins\emalware.i55
C:\WINDOWS\BDOSCAN8\plugins\emalware.i56
C:\WINDOWS\BDOSCAN8\plugins\emalware.i57
C:\WINDOWS\BDOSCAN8\plugins\emalware.i58
C:\WINDOWS\BDOSCAN8\plugins\emalware.i59
C:\WINDOWS\BDOSCAN8\plugins\emalware.i60
C:\WINDOWS\BDOSCAN8\plugins\emalware.i61
C:\WINDOWS\BDOSCAN8\plugins\emalware.i62
C:\WINDOWS\BDOSCAN8\plugins\emalware.i63
C:\WINDOWS\BDOSCAN8\plugins\emalware.i64
C:\WINDOWS\BDOSCAN8\plugins\emalware.i65
C:\WINDOWS\BDOSCAN8\plugins\emalware.i66
C:\WINDOWS\BDOSCAN8\plugins\emalware.i67
C:\WINDOWS\BDOSCAN8\plugins\emalware.i68
C:\WINDOWS\BDOSCAN8\plugins\emalware.i69
C:\WINDOWS\BDOSCAN8\plugins\emalware.i70
C:\WINDOWS\BDOSCAN8\plugins\emalware.i71
C:\WINDOWS\BDOSCAN8\plugins\emalware.i72
C:\WINDOWS\BDOSCAN8\plugins\emalware.i73
C:\WINDOWS\BDOSCAN8\plugins\emalware.i74
C:\WINDOWS\BDOSCAN8\plugins\emalware.i75
C:\WINDOWS\BDOSCAN8\plugins\emalware.i76
C:\WINDOWS\BDOSCAN8\plugins\emalware.i77
C:\WINDOWS\BDOSCAN8\plugins\emalware.i78
C:\WINDOWS\BDOSCAN8\plugins\emalware.i79
C:\WINDOWS\BDOSCAN8\plugins\emalware.i80
C:\WINDOWS\BDOSCAN8\plugins\emalware.i81
C:\WINDOWS\BDOSCAN8\plugins\emalware.i82
C:\WINDOWS\BDOSCAN8\plugins\emalware.i83
C:\WINDOWS\BDOSCAN8\plugins\emalware.i84
C:\WINDOWS\BDOSCAN8\plugins\emalware.i85
C:\WINDOWS\BDOSCAN8\plugins\emalware.i86
C:\WINDOWS\BDOSCAN8\plugins\emalware.i87
C:\WINDOWS\BDOSCAN8\plugins\emalware.i88
C:\WINDOWS\BDOSCAN8\plugins\emalware.i89
C:\WINDOWS\BDOSCAN8\plugins\emalware.i90
C:\WINDOWS\BDOSCAN8\plugins\emalware.i91
C:\WINDOWS\BDOSCAN8\plugins\emalware.i92
C:\WINDOWS\BDOSCAN8\plugins\emalware.i93
C:\WINDOWS\BDOSCAN8\plugins\emalware.i94
C:\WINDOWS\BDOSCAN8\plugins\emalware.i95
C:\WINDOWS\BDOSCAN8\plugins\emalware.i96
C:\WINDOWS\BDOSCAN8\plugins\emalware.i97
C:\WINDOWS\BDOSCAN8\plugins\emalware.i98
C:\WINDOWS\BDOSCAN8\plugins\emalware.i99
C:\WINDOWS\BDOSCAN8\plugins\emalware.ivd
C:\WINDOWS\BDOSCAN8\plugins\emalware.xmd
C:\WINDOWS\BDOSCAN8\plugins\epoc.xmd
C:\WINDOWS\BDOSCAN8\plugins\gzip.xmd
C:\WINDOWS\BDOSCAN8\plugins\ha.xmd
C:\WINDOWS\BDOSCAN8\plugins\hlp.xmd
C:\WINDOWS\BDOSCAN8\plugins\hpe.cvd
C:\WINDOWS\BDOSCAN8\plugins\hpe.xmd
C:\WINDOWS\BDOSCAN8\plugins\hqx.xmd
C:\WINDOWS\BDOSCAN8\plugins\html.xmd
C:\WINDOWS\BDOSCAN8\plugins\chm.xmd
C:\WINDOWS\BDOSCAN8\plugins\imp.xmd
C:\WINDOWS\BDOSCAN8\plugins\inno.xmd
C:\WINDOWS\BDOSCAN8\plugins\instyler.xmd
C:\WINDOWS\BDOSCAN8\plugins\iso.xmd
C:\WINDOWS\BDOSCAN8\plugins\java.cvd
C:\WINDOWS\BDOSCAN8\plugins\java.xmd
C:\WINDOWS\BDOSCAN8\plugins\jpeg.xmd
C:\WINDOWS\BDOSCAN8\plugins\lha.xmd
C:\WINDOWS\BDOSCAN8\plugins\lnk.xmd
C:\WINDOWS\BDOSCAN8\plugins\mbox.xmd
C:\WINDOWS\BDOSCAN8\plugins\mbx.xmd
C:\WINDOWS\BDOSCAN8\plugins\mdx.xmd
C:\WINDOWS\BDOSCAN8\plugins\mdx_97.cvd
C:\WINDOWS\BDOSCAN8\plugins\mdx_97.ivd
C:\WINDOWS\BDOSCAN8\plugins\mdx_w95.cvd
C:\WINDOWS\BDOSCAN8\plugins\mdx_x95.cvd
C:\WINDOWS\BDOSCAN8\plugins\mdx_xf.cvd
C:\WINDOWS\BDOSCAN8\plugins\mime.xmd
C:\WINDOWS\BDOSCAN8\plugins\mobmalware.cvd
C:\WINDOWS\BDOSCAN8\plugins\mobmalware.xmd
C:\WINDOWS\BDOSCAN8\plugins\mso.xmd
C:\WINDOWS\BDOSCAN8\plugins\na.cvd
C:\WINDOWS\BDOSCAN8\plugins\na.xmd
C:\WINDOWS\BDOSCAN8\plugins\nelf.cvd
C:\WINDOWS\BDOSCAN8\plugins\nelf.xmd
C:\WINDOWS\BDOSCAN8\plugins\nsis.xmd
C:\WINDOWS\BDOSCAN8\plugins\objd.xmd
C:\WINDOWS\BDOSCAN8\plugins\pdf.xmd
C:\WINDOWS\BDOSCAN8\plugins\pst.xmd
C:\WINDOWS\BDOSCAN8\plugins\rar.xmd
C:\WINDOWS\BDOSCAN8\plugins\rpm.xmd
C:\WINDOWS\BDOSCAN8\plugins\rtf.xmd
C:\WINDOWS\BDOSCAN8\plugins\rup.cvd
C:\WINDOWS\BDOSCAN8\plugins\rup.xmd
C:\WINDOWS\BDOSCAN8\plugins\sdx.cvd
C:\WINDOWS\BDOSCAN8\plugins\sdx.ivd
C:\WINDOWS\BDOSCAN8\plugins\sdx.xmd
C:\WINDOWS\BDOSCAN8\plugins\sfx.xmd
C:\WINDOWS\BDOSCAN8\plugins\swf.xmd
C:\WINDOWS\BDOSCAN8\plugins\tar.xmd
C:\WINDOWS\BDOSCAN8\plugins\td0.xmd
C:\WINDOWS\BDOSCAN8\plugins\thebat.xmd
C:\WINDOWS\BDOSCAN8\plugins\tnef.xmd
C:\WINDOWS\BDOSCAN8\plugins\unpack.cvd
C:\WINDOWS\BDOSCAN8\plugins\unpack.ivd
C:\WINDOWS\BDOSCAN8\plugins\unpack.xmd
C:\WINDOWS\BDOSCAN8\plugins\update.txt
C:\WINDOWS\BDOSCAN8\plugins\uudecode.xmd
C:\WINDOWS\BDOSCAN8\plugins\ve.cvd
C:\WINDOWS\BDOSCAN8\plugins\ve.ivd
C:\WINDOWS\BDOSCAN8\plugins\ve.xmd
C:\WINDOWS\BDOSCAN8\plugins\vedata.cvd
C:\WINDOWS\BDOSCAN8\plugins\viza.xmd
C:\WINDOWS\BDOSCAN8\plugins\wise.xmd
C:\WINDOWS\BDOSCAN8\plugins\xishield.xmd
C:\WINDOWS\BDOSCAN8\plugins\z.xmd
C:\WINDOWS\BDOSCAN8\plugins\zip.xmd
C:\WINDOWS\BDOSCAN8\plugins\zoo.xmd
C:\WINDOWS\BDOSCAN8\rtvr.html
C:\WINDOWS\BDOSCAN8\rtvr2.html
C:\WINDOWS\BDOSCAN8\scanoptions.tsi
C:\WINDOWS\BDOSCAN8\scanoptions.tsk
C:\WINDOWS\BDOSCAN8\scanrep.html
C:\WINDOWS\BDOSCAN8\scanres.html
C:\WINDOWS\BDOSCAN8\scanres2.html
C:\WINDOWS\BDOSCAN8\upd82.bpx
C:\WINDOWS\is-C7ANI.exe
C:\WINDOWS\is-D2HSU.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.
2007-10-31 14:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 15:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-28 20:22 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-10-28 20:22 <DIR> d-------- C:\Program Files\Agnitum
2007-10-27 19:20 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 19:20 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-27 19:20 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 19:20 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 19:20 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 19:20 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 19:20 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-19 16:45 <DIR> d-------- C:\Program Files\Hamachi
2007-10-16 19:28 <DIR> d-------- C:\Program Files\TDK
2007-10-08 19:49 <DIR> d-------- C:\Program Files\LookInMyPC
2007-09-28 12:27 980 --a------ C:\WINDOWS\eReg.dat
2007-09-23 20:44 <DIR> d-------- C:\Hudba
2007-09-22 17:02 <DIR> d-------- C:\TTDX
2007-09-21 18:32 <DIR> d-------- C:\Program Files\Inkscape
2007-09-21 17:50 <DIR> d-------- C:\Documents and Settings\S\Application Data\mojosoft
2007-09-05 12:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-05 12:08 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 14:38 --------- d-----w C:\Documents and Settings\S\Application Data\Hamachi
2007-10-31 11:16 --------- d-----w C:\Documents and Settings\S\Application Data\Skype
2007-10-31 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-31 10:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-30 19:40 --------- d-----w C:\Program Files\ICQLite
2007-10-26 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 18:10 --------- d-----w C:\Documents and Settings\S\Application Data\Azureus
2007-10-22 15:51 --------- d-----w C:\Program Files\HiDownload
2007-10-21 10:18 --------- d-----w C:\Program Files\Azureus
2007-10-19 15:45 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 15:55 --------- d-----w C:\Program Files\EA GAMES
2007-09-27 17:13 --------- d-----w C:\Documents and Settings\S\Application Data\gtk-2.0
2007-09-27 16:35 --------- d-----w C:\Program Files\VirtualDJ
2007-09-25 11:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 10:28 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-06 12:12 --------- d-----w C:\Documents and Settings\S\Application Data\Ahead
2007-08-29 14:40 --------- d-----w C:\Program Files\FootballArena
.
((((((((((((((((((((((((((((( snapshot@2007-10-31_14.58.19,12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-31 14:37:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:23 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ZipTorrent"="C:\Program Files\ZipTorrent\ZipTorrent.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Live MSN"="C:\Documents and Settings\S\Desktop\kur_setup.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"PVR"="C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" []
"BitComet Acceleration Patch"="C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk" []
"SpyEmergency"="C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\Documents and Settings\S\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-19 16:45:03]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-04-04 11:59:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-02-16 10:34:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
S4 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-08-28 05:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-31 15:38:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-31 15:40:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-31 14:59
.
--- E O F ---
Toto mi vypísalo.