PC disinfection, computer speed-up, remote help via the neslape.cz service

Log check, please

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service: a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#16 Post by blai »

Just a quick question.

It has been running for half an hour now. Is that normal? And will the log pop up on its own, or do I have to look for it?

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#17 Post by blai »

I let the antivirus run twice, but each time it got stuck at 98%. It did find some virus, though. It can't be cleaned, but I don't know how to use that program. If I understood correctly :-) I should post a new log now?
Here it is; at worst we'll delete it :?:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Krotil at 2012-02-12 16:08:55
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 638 GB (67%) free of 954 GB
Total RAM: 3327 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:12, on 12.2.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Krotil\AppData\Local\temp\RarSFX0\6324704.exe
C:\Users\Krotil\AppData\Local\temp\7394148\6324704.exe
C:\Users\Krotil\Desktop\RSIT.exe
C:\Program Files\trend micro\Krotil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: _uninst_53949120.lnk = C:\Users\Krotil\AppData\Local\temp\_uninst_53949120.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 6861 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-10 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-10 342128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2010-02-10 1713152]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-09-28 1406248]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-10-06 39408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Image Transfer.lnk]
C:\PROGRA~1\SONYCO~1\IMAGET~1\SonyTray.exe [2002-10-16 73728]

C:\Users\Krotil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
_uninst_53949120.lnk - C:\Users\Krotil\AppData\Local\temp\_uninst_53949120.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-17 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-12 14:26:01 ----D---- C:\ProgramData\Kaspersky Lab
2012-02-12 14:25:12 ----A---- C:\Windows\system32\drivers\74644211.sys
2012-02-11 23:38:54 ----A---- C:\ComboFix.txt
2012-02-11 23:34:24 ----D---- C:\$RECYCLE.BIN
2012-02-11 23:21:38 ----A---- C:\Windows\system32\drivers\serial.sys
2012-02-11 21:29:02 ----D---- C:\Windows\temp
2012-02-11 21:11:47 ----A---- C:\Windows\system32\drivers\netbt.sys
2012-02-11 21:11:01 ----A---- C:\Windows\zip.exe
2012-02-11 21:11:01 ----A---- C:\Windows\SWSC.exe
2012-02-11 21:11:01 ----A---- C:\Windows\SWREG.exe
2012-02-11 21:11:01 ----A---- C:\Windows\sed.exe
2012-02-11 21:11:01 ----A---- C:\Windows\PEV.exe
2012-02-11 21:11:01 ----A---- C:\Windows\NIRCMD.exe
2012-02-11 21:11:01 ----A---- C:\Windows\MBR.exe
2012-02-11 21:11:01 ----A---- C:\Windows\grep.exe
2012-02-11 18:57:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-02-11 18:57:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-02-11 18:27:37 ----A---- C:\Windows\system32\drivers\dfsc.sys
2012-02-11 18:04:01 ----A---- C:\Windows\gmer.ini
2012-02-11 18:03:58 ----A---- C:\Windows\gmer_uninstall.cmd
2012-02-11 18:03:58 ----A---- C:\Windows\gmer.exe
2012-02-11 18:03:58 ----A---- C:\Windows\gmer.dll
2012-02-09 19:40:50 ----D---- C:\Windows\ERDNT
2012-02-09 19:38:14 ----D---- C:\Qoobox
2012-02-09 19:00:54 ----D---- C:\Program Files\trend micro
2012-02-09 19:00:53 ----D---- C:\rsit
2012-02-05 16:55:19 ----ASH---- C:\Windows\system32\dds_trash_log.cmd
2012-02-01 10:55:33 ----A---- C:\Windows\ntbtlog.txt
2012-01-25 18:56:26 ----A---- C:\Windows\system32\webio.dll
2012-01-25 18:56:26 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-25 18:56:26 ----A---- C:\Windows\system32\sspicli.dll
2012-01-25 18:56:26 ----A---- C:\Windows\system32\schannel.dll
2012-01-25 18:56:26 ----A---- C:\Windows\system32\secur32.dll
2012-01-25 18:56:26 ----A---- C:\Windows\system32\lsass.exe
2012-01-25 18:56:26 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-25 18:56:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-25 18:56:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-25 18:56:26 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-19 14:08:54 ----D---- C:\Program Files\TeamViewer

======List of files/folders modified in the last 1 month======

2012-02-12 16:08:37 ----D---- C:\Windows\System32
2012-02-12 16:08:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-12 15:33:37 ----D---- C:\Users\Krotil\AppData\Roaming\Skype
2012-02-12 15:33:01 ----D---- C:\Windows\system32\drivers
2012-02-12 15:32:33 ----D---- C:\Windows
2012-02-12 14:26:06 ----SHD---- C:\System Volume Information
2012-02-12 14:26:01 ----D---- C:\ProgramData
2012-02-12 14:21:20 ----D---- C:\Windows\inf
2012-02-11 23:38:10 ----D---- C:\Windows\Tasks
2012-02-11 23:34:28 ----A---- C:\Windows\system.ini
2012-02-11 23:34:21 ----D---- C:\Windows\system32\drivers\etc
2012-02-11 23:32:09 ----D---- C:\Windows\system32\config
2012-02-11 23:29:49 ----D---- C:\Windows\AppPatch
2012-02-11 23:29:48 ----D---- C:\Program Files\Common Files
2012-02-11 23:23:42 ----A---- C:\Windows\system32\cscsvc.dll
2012-02-11 21:54:01 ----D---- C:\ProgramData\AVG2012
2012-02-11 21:54:01 ----D---- C:\Config.Msi
2012-02-11 21:53:11 ----D---- C:\ProgramData\MFAData
2012-02-11 21:52:21 ----SHD---- C:\Windows\Installer
2012-02-11 21:50:45 ----RD---- C:\Program Files
2012-02-11 21:50:40 ----D---- C:\Windows\system32\drivers\AVG
2012-02-11 21:45:53 ----D---- C:\Windows\system32\NDF
2012-02-11 21:39:27 ----D---- C:\Windows\system32\DriverStore
2012-02-11 21:39:27 ----D---- C:\Windows\system32\catroot
2012-02-11 21:37:31 ----D---- C:\Program Files\AVG
2012-02-11 21:37:26 ----D---- C:\Windows\system32\Tasks
2012-02-11 21:37:26 ----AD---- C:\ProgramData\TEMP
2012-02-11 21:13:50 ----D---- C:\Windows\Prefetch
2012-02-11 20:37:26 ----D---- C:\Windows\Minidump
2012-02-11 19:47:10 ----D---- C:\AVGTemp
2012-02-11 19:25:19 ----D---- C:\Windows\system32\catroot2
2012-02-10 10:57:32 ----HD---- C:\Windows\system32\GroupPolicy
2012-01-26 09:57:55 ----D---- C:\Windows\winsxs
2012-01-24 14:53:38 ----A---- C:\Windows\NeroDigital.ini
2012-01-24 14:44:23 ----D---- C:\zaloha

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 74644211;74644211; C:\Windows\system32\DRIVERS\74644211.sys [2012-02-12 133208]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 14392]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2009-08-04 11296]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-11-17 232448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
S3 .avgldx86;.avgldx86; \? []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-11-18 100352]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Krotil\AppData\Local\Temp\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\Users\Krotil\AppData\Local\Temp\CFcatchme.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 PROCEXP151;PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-24 172032]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-07-22 690472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 615528]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 compaq_rba;Rxfilter; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-06 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
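As an added example, not code from this thread and not part of RSIT or HijackThis, here is a small Python triage script for the log format posted above. It lists the entries a log reviewer looks at first (programs running from a temp directory, Startup-folder shortcuts that launch scripts, Winsock LSP lines, drivers whose service name is just digits) without deciding that anything is malicious: self-extracting scanners and rootkit tools also run from temp, so every hit is a prompt to verify the file, not a verdict. The rule set, the rule names and the sample log inside the script are the example's own assumptions.

```python
"""Triage helper for HijackThis / RSIT style logs.

Added example for this thread, not a tool the forum uses. It does not decide
what is malware; it only lists the entries a log reviewer would check first.
"""
import re
from dataclasses import dataclass

# Path fragments (compared lower-cased) that place a file under a temp directory.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Script types a Startup-folder shortcut normally has no reason to launch.
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".ps1")
# First Windows path ending in a binary or script extension on a line.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"|\r\n]*?\.(?:exe|dll|sys|bat|cmd|vbs|js|ps1))\b', re.I)
# RSIT driver line: "R0 name;display name; path [date size]"
DRIVER_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*; (?P<path>.*?) \[")
O_LINE_RE = re.compile(r"^O\d+ - ")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def first_path(line: str):
    """Return the first program/driver path on a log line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def triage(log_text: str):
    """Walk the log once and collect review items in line order."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            if section == "processes":
                section = None          # a blank line ends the process list
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        if line.startswith("======"):
            section = "drivers" if "List of drivers" in line else None
            continue

        low = (first_path(line) or "").lower()
        is_entry = section in ("processes", "drivers") or bool(O_LINE_RE.match(line))

        # Rule 1: anything started from a temp directory (assumed heuristic).
        if is_entry and any(marker in low for marker in TEMP_MARKERS):
            findings.append(Finding("temp-path", line))
        # Rule 2: Startup-folder shortcut that launches a script.
        if line.startswith("O4 - Startup:") and low.endswith(SCRIPT_EXTENSIONS):
            findings.append(Finding("startup-script", line))
        # Rule 3: Winsock LSP chain entries (O10) always get a look.
        if line.startswith("O10 - "):
            findings.append(Finding("winsock-lsp", line))
        # Rule 4: driver whose service name consists only of digits.
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m and m.group("name").isdigit():
                findings.append(Finding("numeric-driver-name", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'temp-path': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample in the format of the RSIT/HijackThis log above (not a real scan).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Krotil\AppData\Local\temp\RarSFX0\6324704.exe
C:\Users\Krotil\Desktop\RSIT.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: _uninst_53949120.lnk = C:\Users\Krotil\AppData\Local\temp\_uninst_53949120.bat
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 74644211;74644211; C:\Windows\system32\DRIVERS\74644211.sys [2012-02-12 133208]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 catchme;catchme; \??\C:\Users\Krotil\AppData\Local\Temp\catchme.sys []
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.line}")
    print(summarize(results))
```

Run it against a saved RSIT or HijackThis log with `triage(open(path, encoding="utf-8", errors="replace").read())`; every listed line still has to be checked by hand (publisher signature, hash lookup, the tool that created it), which is exactly the step the moderator asks for later in the thread.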

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check, please

#18 Post by Rudy »

I'd like to know where and what virus it found.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail above.

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#19 Post by blai »

Virus.Win32.ZAccess.c

c:\Windows\System32\drivers\cdrom.sys

Is this enough?

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check, please

#20 Post by Rudy »

Download cdrom.sys from here: http://www.uloz.to/xG3yykd/cdrom-sys and extract it to the desktop. Then go back to ComboFix and run it with this script:
FCopy::
c:\users\Krotil\plocha\cdrom.sys | c:\Windows\System32\drivers\cdrom.sys

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#21 Post by blai »

Done, but I can't find the log. I looked for it at C:\ComboFix.txt

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check, please

#22 Post by Rudy »

Use the antivirus to check whether there is still any infection there; in particular, test the newly copied file.

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#23 Post by blai »

The virus is still there... It didn't detect any other malicious program. But it's stuck at 98% again... :(

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check, please

#24 Post by Rudy »

In the same file again?

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#25 Post by blai »

Rudy wrote: In the same file again?

Exactly. It can't be deleted or cleaned; it's simply having a good laugh at us. :(

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check, please

#26 Post by Rudy »

Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs.

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Log check, please

#27 Post by blai »

The first log I found is this one; the second scan is still running...
My internet connection is back :-) - is that from the previous fix?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-12 22:31:11
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80
Running: gmer.exe; Driver: C:\Users\Krotil\AppData\Local\Temp\pwdiipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 3932

---- EOF - GMER 1.0.15 ----

SECOND LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-12 22:26:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80
Running: gmer.exe; Driver: C:\Users\Krotil\AppData\Local\Temp\pwdiipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwAdjustPrivilegesToken [0xAA37CE36]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwAlpcConnectPort [0xAA37F074]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwAlpcCreatePort [0xAA37F2EE]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwAlpcSendWaitReceivePort [0xAA37F564]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwClose [0xAA37D74A]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwConnectPort [0xAA37E57E]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateEvent [0xAA37EAC8]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateFile [0xAA37DA26]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateMutant [0xAA37E9AE]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateNamedPipeFile [0xAA37CA24]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreatePort [0xAA37E882]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateSection [0xAA37CBCC]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateSemaphore [0xAA37EBE8]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateThread [0xAA37D3D0]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateThreadEx [0xAA37D4CE]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateUserProcess [0xAA37F7AE]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwCreateWaitablePort [0xAA37E918]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwDebugActiveProcess [0xAA3802D6]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwDeviceIoControlFile [0xAA37DEA8]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwDuplicateObject [0xAA3814E4]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwFsControlFile [0xAA37DCB6]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwLoadDriver [0xAA3803C8]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwMapViewOfSection [0xAA380B30]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenEvent [0xAA37EB5E]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenFile [0xAA37D7CC]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenMutant [0xAA37EA3E]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenProcess [0xAA37D074]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenSection [0xAA3808CA]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenSemaphore [0xAA37EC7E]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwOpenThread [0xAA37CF64]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwQueryDirectoryObject [0xAA37F868]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwQuerySection [0xAA380E6A]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwQueueApcThread [0xAA38075C]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwReplaceKey [0xAA37B6DE]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwReplyPort [0xAA37EFE2]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwReplyWaitReceivePort [0xAA37EEA8]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwRequestWaitReplyPort [0xAA380070]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwRestoreKey [0xAA37BA56]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwResumeThread [0xAA381386]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSaveKey [0xAA37B676]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSecureConnectPort [0xAA37E2C4]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSetContextThread [0xAA37D5EC]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSetInformationToken [0xAA37F90A]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSetSecurityObject [0xAA380566]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSetSystemInformation [0xAA380FBA]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSuspendProcess [0xAA3810AC]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSuspendThread [0xAA3811E6]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwSystemDebugControl [0xAA3801FA]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwTerminateProcess [0xAA37D21A]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwTerminateThread [0xAA37D170]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwUnmapViewOfSection [0xAA380D0E]
SSDT \SystemRoot\system32\DRIVERS\6324704drv.sys ZwWriteVirtualMemory [0xAA37D306]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E54369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82E94D8C 4 Bytes [36, CE, 37, AA]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82E94DB4 8 Bytes [74, F0, 37, AA, EE, F2, 37, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82E94DF8 4 Bytes [64, F5, 37, AA]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82E94E24 4 Bytes [4A, D7, 37, AA] {DEC EDX; XLATB ; AAA ; STOSB }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82E94E48 4 Bytes [7E, E5, 37, AA] {JLE 0xffffffffffffffe7; AAA ; STOSB }
.text ...
? system32\DRIVERS\55685608.sys The system cannot find the path specified. !
? system32\DRIVERS\cdrom.sys The system cannot find the path specified. !
? system32\DRIVERS\6324704drv.sys The system cannot find the path specified. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B8633000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B8633123 629 Bytes [E5, 62, B8, FE, 05, 34, E5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B8633399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B86333FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B86334AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtProtectVirtualMemory 77245F18 5 Bytes JMP 0090000A
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtWriteVirtualMemory 77246A98 5 Bytes JMP 009B000A
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!KiUserExceptionDispatcher 77246FE8 5 Bytes JMP 003E000A
? C:\Windows\system32\svchost.exe[956] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch;

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 83EC8B55
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 458D74EC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] 15FF50F8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] [00AEF014] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose] 01FC7531
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] 458DF875
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile] 15FF508C
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] [00AEF004] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] 458D086A
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 458D50F8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] 15FF508C
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] [00AEF000] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 508C458D
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv] F00815FF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 458B00AE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul] E84533E4
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtFlushKey] 33EC4533
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] C3C9F045
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 8BEC8B55
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey] EC833040
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareMemory] 57565314
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeviceIoControlFile] D98B388B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] EB04708D
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] 46B70F20
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] 30448D1A
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] F0F0681C
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] 4F5000AE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] 00DCAFE8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] 85595900
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] 811374C0
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] 00011CC6
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey] [75FF8500] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile] 5FC033DC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey] C2C95B5E
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 468B0008
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventWrite] F4458908
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] 8B0C468B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 45890473
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 74F685F0
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] D8BB8D77
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 57000000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] AF015068
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 8D426A00
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 4E50FC45
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] F0E015FF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] C08500AE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] 458D537C
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] 046A50EC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] 50F8458D
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] [75FF096A] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] DC15FFFC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] 8500AEF0
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] 8B317CC0
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] 452BF845
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] F0453BF4
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] 006A2673
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] FFFC75FF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] AEF0D415
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] 7CC08500
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] 0C4D8B17
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] 1F8B018B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] 8908558B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] 5F8BC21C
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindSetBits] C25C8904
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInterlockedSetBitRun] 01894004
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit] FFFC75FF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] AEF0D815
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] 40C78300
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 8F75F685
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] E940C033
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] FFFFFF67
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] 51EC8B55
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] 0173A051
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 565300AF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] C0BE0F57
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 7D89FF33
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] DC2AE8F8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] DC8B0000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSerializeBoot] 45C7F633
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] 001000FC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] FC458B00
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] 0F73F83B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 11E8C72B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 8B0000DC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] 2BC38BF4
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 8DF88BC6
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 5750FC45
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] FF056A56
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] AEF0D015
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 00043D00
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] D574C000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 047DC085
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] 60EBC033
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] F003C033
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 468D016A
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!TpReleaseWork] 18685038
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!TpPostWork] FF00AEF1
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocWork] AEF0CC15
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] [75C08400] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 85068B08
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] EBE375C0
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] 68006A3C
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 00040000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] F07415FF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] F88B00AE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] 2974FF85
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] FF016A57
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] 15FF4476
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] [00AEF020] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] 127CC085
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 8B0C75FF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] 0875FFCE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] 81E8C78B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 89FFFFFE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] FF57F845
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] AEF02415
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!TpSetPoolMinThreads] F8458B00
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] 5FEC658D
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] C2C95B5E
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] 8B550008
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 3CEC81EC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 56000002
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] E856F08B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] 0000DB36
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] 00803D59
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] 870F0000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] 000000AC
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] 0F2E3E80
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] 0000A384
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] 858D5600
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] FFFFFDC8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] AEF12068
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] 15FF5000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] [00AEF02C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] FDC8858D
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] 2E6AFFFF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] DB06E850
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] C4830000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] [74C08514] C:\Windows\system32\schannel.DLL (TLS / SSL Security Provider/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] 66C9337B
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocAlpcCompletion] C0830889
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocPool] F1906802
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] E85000AE
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] 0000DAF2
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] C0855959
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] 858D6275
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] FFFFFDC8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] CC758D50
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] 000DFFE8
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] 19685000
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] 8D000200
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] FF50FC45
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] AEF03815
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsnicmp] 7CC08500
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] EC458D3F
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] 50106A50
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] 2868026A
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] FF00AEF2
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] F633FC75
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6CE99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6CE9A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6CE994D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6CE994E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6CE994B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6CE994A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6CE9AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6CE9A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6CE99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6CE99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6CE99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [752CFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\Iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6CE99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[2596] @ C:\Windows\system32\Iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6CE992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8CD66000-8CD76000 (65536 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:1888] B8640F2E

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 3932

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB1865$\2195031452 0 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\@ 2048 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\cfg.ini 251 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\L 0 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\L\xadqgnnk 108544 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\twl.dll 223744 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U 0 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\U\80000032.@ 73216 bytes
File C:\Windows\$NtUninstallKB1865$\2195031452\version 856 bytes
File C:\Windows\$NtUninstallKB1865$\3886658860 0 bytes

---- EOF - GMER 1.0.15 ----

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#28 Post by Rudy »

We'll wait for the second one and then I'll write a script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not a channel for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#29 Post by Rudy »

Run CF with this script:
Collect::
c:\windows\system32\DRIVERS\55685608.sys
c:\windows\system32\DRIVERS\6324704drv.sys

Driver::
55685608
6324704drv

FCopy::
c:\users\Krotil\plocha\cdrom.sys | c:\windows\system32\DRIVERS\cdrom.sys

blai
Exemplary visitor
Posts: 233
Registered: 08 Feb 2012 14:37

Re: Please check my log

#30 Post by blai »

Combofix uninstalls some wifi drivers every time. They can only be repaired by cleaning up the system, but I somehow can't get into that mode :?:

Here is the log:


ComboFix 12-02-11.03 - Krotil 12.02.2012 23:01:44.7.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3327.2492 [GMT 1:00]
Spuštěný z: c:\avgtemp\Combofix\ComboFix.exe
Použité ovládací přepínače :: c:\users\Krotil\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB1865$\2195031452\@
c:\windows\$NtUninstallKB1865$\2195031452\cfg.ini
c:\windows\$NtUninstallKB1865$\2195031452\Desktop.ini
c:\windows\$NtUninstallKB1865$\2195031452\L\xadqgnnk
c:\windows\$NtUninstallKB1865$\2195031452\twl.dll
c:\windows\$NtUninstallKB1865$\2195031452\U\00000001.@
c:\windows\$NtUninstallKB1865$\2195031452\U\00000002.@
c:\windows\$NtUninstallKB1865$\2195031452\U\00000004.@
c:\windows\$NtUninstallKB1865$\2195031452\U\80000000.@
c:\windows\$NtUninstallKB1865$\2195031452\U\80000004.@
c:\windows\$NtUninstallKB1865$\2195031452\U\80000032.@
c:\windows\$NtUninstallKB1865$\2195031452\version
c:\windows\$NtUninstallKB1865$\3886658860
.
---- Předchozí spuštění -------
.
c:\windows\$NtUninstallKB1865$\2195031452\@
c:\windows\$NtUninstallKB1865$\2195031452\cfg.ini
c:\windows\$NtUninstallKB1865$\2195031452\Desktop.ini
c:\windows\$NtUninstallKB1865$\2195031452\L\xadqgnnk
c:\windows\$NtUninstallKB1865$\285007166
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
c:\windows\system32\drivers\afd.sys chyběl.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
c:\windows\system32\drivers\tdx.sys chyběl.
Obnovena kopie z - c:\windows\ERDNT\cache\tdx.sys
.
--------
.
c:\windows\system32\drivers\cdrom.sys chyběl.
Obnovena kopie z - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_55685608
-------\Legacy_6324704DRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-12 do 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 22:09 . 2012-02-12 22:12 -------- d-----w- c:\users\Krotil\AppData\Local\temp
2012-02-12 22:09 . 2012-02-12 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 22:09 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-12 21:43 . 2012-02-12 21:43 -------- d-----w- c:\program files\CCleaner
2012-02-12 18:06 . 2012-01-17 03:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1DDCBDA-69B3-4473-9D24-3A85EB062E63}\mpengine.dll
2012-02-12 17:58 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-12 13:26 . 2012-02-12 13:26 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-11 22:21 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-11 20:11 . 2012-02-12 14:32 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-11 17:57 . 2012-02-11 18:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-11 17:57 . 2012-02-11 18:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-09 18:00 . 2012-02-12 15:08 -------- d-----w- c:\program files\trend micro
2012-02-09 18:00 . 2012-02-11 18:34 -------- d-----w- C:\rsit
2012-02-05 15:55 . 2012-02-12 22:01 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-25 17:56 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 17:56 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 17:56 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 17:56 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-25 17:56 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 17:56 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 17:56 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 17:56 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 17:56 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 17:56 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-19 13:08 . 2012-01-19 13:08 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 18:10 . 2011-01-15 08:22 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-08 09:08 . 2011-06-02 10:42 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-08 09:08 . 2010-10-22 16:59 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-30 11:12 . 2010-10-22 16:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-29 04:10 . 2010-10-25 12:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-15 13:43 . 2011-11-22 16:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25 . 2011-12-15 11:12 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-11 11:55 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:38 . 2012-01-11 11:56 1288472 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:34 . 2012-01-25 17:56 224768 ----a-w- c:\windows\system32\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-06 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 1713152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-28 1406248]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Krotil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
_uninst_53949120.lnk - c:\users\Krotil\AppData\Local\temp\_uninst_53949120.bat [N/A]
_uninst_55685608.lnk - c:\users\Krotil\AppData\Local\temp\_uninst_55685608.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 CFcatchme;CFcatchme;c:\users\Krotil\AppData\Local\Temp\CFcatchme.sys [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 172032]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-17 232448]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
compaq_rba
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 10.0.18.234 88.86.107.86
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.avgldx86]
"ImagePath"="\?"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-12 23:16:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-12 22:16
ComboFix2.txt 2012-02-11 22:38
ComboFix3.txt 2012-02-11 20:29
.
Před spuštěním: Volných bajtů: 668 151 746 560
Po spuštění: Volných bajtů: 667 952 148 480
.
- - End Of File - - 35DCF02EB0CCBD8F5CA165642D075DF3
