zavirovaný PC, chyba 80072EFD a 80240016

[Vincent]

Dobrý den, mám zavirovaný PC, z nejhoršího jsem ho dostal scanem ESS a programem Malwarebytes, přesto však se mi hlásí chyba 80072EFD při updatu windows. Zřejmě tedy ještě něco zůstalo. Prosím o radu a přikládám log. Díky

Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2009-05-22 13:15:00
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 280 GB (60%) free of 467 GB
Total RAM: 3069 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:02, on 22.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Honza\Documents\RSIT.exe
C:\Program Files\trend micro\Honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\Windows\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c98f484d9f520) (gupdate1c98f484d9f520) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10715 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{EAE89F15-6917-47E6-9672-600F1902C115}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-09-18 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-03-09 37888]
"KONICA MINOLTA PagePro 1400W STD"=C:\Windows\system32\MSTMON_Y.EXE [2005-08-22 184320]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{241c12c8-c4f2-11dd-9cde-002185580cbc}]
shell\AutoRun\command - J:\flash.exe F:\
shell\Explore\command - J:\flash.exe F:\
shell\Open\command - J:\flash.exe F:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac7a17ce-1543-11de-9d34-002185580cbc}]
shell\AutoRun\command - J:\Autoplay.exe -auto


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-21 21:35:15 ----D---- C:\Program Files\trend micro
2009-05-21 21:35:14 ----D---- C:\rsit
2009-05-21 19:00:10 ----D---- C:\Users\Honza\AppData\Roaming\Malwarebytes
2009-05-21 19:00:05 ----D---- C:\ProgramData\Malwarebytes
2009-05-21 19:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-14 09:15:57 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-05-09 10:08:23 ----D---- C:\Program Files\Elecard
2009-05-03 08:39:03 ----D---- C:\ProgramData\Apple Computer
2009-05-03 08:39:03 ----D---- C:\Program Files\QuickTime
2009-04-28 09:08:38 ----HDC---- C:\ProgramData\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}
2009-04-26 11:51:11 ----D---- C:\Users\Honza\AppData\Roaming\ABBYY
2009-04-26 11:45:58 ----D---- C:\ProgramData\ABBYY
2009-04-26 11:45:58 ----D---- C:\Program Files\ABBYY FineReader 9.0
2009-04-26 11:43:13 ----D---- C:\temp
2009-04-24 14:35:45 ----D---- C:\Program Files\Conduit
2009-04-24 14:35:45 ----D---- C:\Program Files\BS_Player

======List of files/folders modified in the last 1 months======

2009-05-22 13:15:02 ----D---- C:\Windows\Prefetch
2009-05-22 13:14:57 ----D---- C:\Windows\Temp
2009-05-22 13:08:04 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2009-05-22 11:43:10 ----D---- C:\Windows\Tasks
2009-05-22 10:09:11 ----D---- C:\Windows
2009-05-22 10:07:27 ----RD---- C:\Program Files
2009-05-22 10:06:08 ----D---- C:\Program Files\Mozilla Firefox
2009-05-22 09:25:11 ----D---- C:\ProgramData\Google Updater
2009-05-22 09:16:21 ----D---- C:\Users\Honza\AppData\Roaming\MxBoost
2009-05-22 09:05:03 ----D---- C:\Windows\System32
2009-05-22 09:05:03 ----D---- C:\Windows\inf
2009-05-22 09:05:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-21 19:51:04 ----D---- C:\Windows\system32\drivers
2009-05-21 19:00:05 ----HD---- C:\ProgramData
2009-05-21 18:28:08 ----D---- C:\Windows\Minidump
2009-05-21 17:05:59 ----D---- C:\Program Files\Maxthon2
2009-05-19 09:35:16 ----SHD---- C:\Windows\Installer
2009-05-17 13:24:45 ----D---- C:\Windows\system32\catroot2
2009-05-09 10:06:22 ----D---- C:\Users\Honza\AppData\Roaming\BSplayer
2009-05-07 11:13:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 11:13:07 ----D---- C:\Program Files\Common Files
2009-05-07 11:11:51 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-03 08:39:18 ----D---- C:\Program Files\Internet Explorer
2009-04-25 15:35:09 ----SD---- C:\Users\Honza\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090113.002\IDSvix86.sys [2008-10-03 270384]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-15 3691520]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-09 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2004-09-10 84064]
S3 afnf1jt7;afnf1jt7; C:\Windows\system32\drivers\afnf1jt7.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-15 679936]
R2 Automatic LiveUpdate Scheduler;Plánovač automatické aktualizace LiveUpdate; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 SentinelProtectionServer;SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2004-09-10 189536]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-09-18 1245064]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 gupdate1c98f484d9f520;Služba Google Update (gupdate1c98f484d9f520); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-21 33800]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-09 651720]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]

-----------------EOF-----------------

[motji]

Dobrý večer
Máte dva bezpečnostní balíky, jeden odinstalujte

Přes přidat/odebrat programy odinstalujte Askbar, a toolbary,které nepoužíváte

fixněte v přejmenovaném HJT C:\Program Files\trend micro\Honza.exe

O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O13 - Gopher Prefix:

z mého podpisu stáhněte Ccleaner, vyčištěte pc, i registry

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem

[Vincent]

Tak jsem udělal všechny kroky, ale update windows stále nejde a stále ukazuje totéž číslo chyby. Přikládám log z combofixu.

ComboFix 09-05-22.07 - Honza 23.05.2009 13:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.1951 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\system32\drivers\ovfsthxuoatvfmi.sys
c:\windows\system32\drivers\ovfsthxvxiijosf.sys
c:\windows\system32\ovfsthxdfwxxinn.dll
c:\windows\system32\ovfsthxhmtehyro.dat
c:\windows\system32\ovfsthxibpqqlyc.dat
c:\windows\system32\ovfsthxncxtpnsw.dll
c:\windows\system32\ovfsthxpmommavt.dat
c:\windows\system32\ovfsthxprdbnqij.dll
c:\windows\system32\ovfsthxqkdwknxb.dll
c:\windows\system32\ovfsthxriqcnlot.dll
c:\windows\system32\ovfsthxrmveqfcc.dll
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxbexdrepw
-------\Service_ovfsthxdpbsyixi


((((((((((((((((((((((((( Soubory vytvořené od 2009-04-23 do 2009-05-23 )))))))))))))))))))))))))))))))
.

2009-05-23 11:12 . 2009-05-23 11:12 -------- d-----w c:\program files\CCleaner
2009-05-21 19:35 . 2009-05-23 11:10 -------- d-----w c:\program files\trend micro
2009-05-21 19:35 . 2009-05-21 19:35 -------- d-----w C:\rsit
2009-05-21 17:00 . 2009-05-21 17:00 2967799 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-21 17:00 . 2009-05-21 17:00 -------- d-----w c:\users\Honza\AppData\Roaming\Malwarebytes
2009-05-21 17:00 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 17:00 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 17:00 . 2009-05-21 17:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 17:00 . 2009-05-21 17:00 -------- d-----w c:\programdata\Malwarebytes
2009-05-14 07:15 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-05-09 08:08 . 2009-05-09 08:08 -------- d-----w c:\program files\Elecard
2009-05-03 06:39 . 2009-05-03 06:39 -------- d-----w c:\program files\QuickTime
2009-05-03 06:39 . 2009-05-03 06:39 -------- d-----w c:\programdata\Apple Computer
2009-04-26 09:51 . 2009-04-26 09:51 -------- d-----w c:\users\Honza\AppData\Roaming\ABBYY
2009-04-26 09:45 . 2009-04-26 09:49 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-04-26 09:45 . 2009-04-26 09:45 -------- d-----w c:\users\Honza\AppData\Local\ABBYY
2009-04-26 09:45 . 2009-04-26 09:45 -------- d-----w c:\programdata\ABBYY
2009-04-26 09:43 . 2009-04-26 09:43 -------- d-----w c:\temp\FR90PE
2009-04-26 09:43 . 2009-04-26 09:43 -------- d-----w C:\temp
2009-04-24 12:35 . 2009-04-24 12:35 -------- d-----w c:\program files\BS_Player
2009-04-24 12:35 . 2009-04-24 12:35 -------- d-----w c:\program files\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 11:32 . 2009-04-14 14:07 -------- d-----w c:\users\Honza\AppData\Roaming\Skype
2009-05-23 11:31 . 2008-11-19 11:04 8224 ----a-w c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-23 11:20 . 2009-04-02 16:11 -------- d-----w c:\users\Honza\AppData\Roaming\MxBoost
2009-05-23 11:04 . 2008-09-18 23:31 607288 ----a-w c:\windows\system32\perfh005.dat
2009-05-23 11:04 . 2008-09-18 23:31 119738 ----a-w c:\windows\system32\perfc005.dat
2009-05-23 10:59 . 2008-09-18 14:27 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-23 10:57 . 2008-09-18 14:27 -------- d-----w c:\programdata\Symantec
2009-05-23 08:26 . 2009-02-15 08:32 -------- d-----w c:\programdata\Google Updater
2009-05-21 15:05 . 2009-04-02 16:10 -------- d-----w c:\program files\Maxthon2
2009-05-09 08:06 . 2009-02-08 09:15 -------- d-----w c:\users\Honza\AppData\Roaming\BSplayer
2009-05-07 09:13 . 2008-09-18 14:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 09:11 . 2008-09-18 14:08 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-28 07:08 . 2009-04-28 07:08 -------- dc-h--w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}
2009-04-24 16:14 . 2008-11-19 11:49 680 ----a-w c:\users\Honza\AppData\Local\d3d9caps.dat
2009-04-15 07:45 . 2009-03-30 08:36 -------- d-----w c:\users\Honza\AppData\Roaming\Trados
2009-04-14 14:17 . 2009-04-14 14:11 -------- d-----w c:\program files\ICQ6.5
2009-04-14 14:17 . 2009-04-14 14:11 -------- d-----w c:\users\Honza\AppData\Roaming\ICQ
2009-04-14 14:12 . 2009-04-14 14:12 -------- d-----w c:\programdata\ICQ
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----r c:\program files\Skype
2009-04-14 14:07 . 2009-04-14 14:06 -------- d-----w c:\programdata\Skype
2009-04-10 12:24 . 2009-03-28 05:43 -------- d-----w c:\program files\Safari
2009-04-10 12:23 . 2009-04-10 12:23 -------- d-----w c:\program files\Bonjour
2009-04-10 06:53 . 2009-04-10 06:43 -------- d-----w c:\users\Honza\AppData\Roaming\Winamp
2009-04-10 06:43 . 2008-11-27 14:10 -------- d-----w c:\program files\Winamp
2009-04-10 06:43 . 2009-04-10 06:43 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-09 15:56 . 2009-04-09 15:56 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 15:55 . 2008-11-19 10:58 -------- d-----w c:\program files\Common Files\Adobe
2009-04-02 15:35 . 2009-04-02 15:35 -------- d-----w c:\program files\Opera
2009-03-31 18:06 . 2009-03-31 18:06 -------- d-----w c:\program files\TRADOS
2009-03-30 15:39 . 2009-03-30 15:39 -------- d-----w c:\program files\MSXML 4.0
2009-03-30 07:50 . 2009-03-30 07:50 -------- d-----w c:\program files\SafeNet Sentinel
2009-03-30 07:50 . 2009-03-30 07:50 -------- d-----w c:\program files\Common Files\SafeNet Sentinel
2009-03-29 14:13 . 2009-03-29 14:13 -------- d-----w c:\program files\ToniArts
2009-03-29 11:35 . 2009-03-29 11:35 93 ----a-w c:\users\Honza\AppData\Local\fusioncache.dat
2009-03-28 06:53 . 2009-03-28 06:53 -------- d-----w c:\program files\ESET
2009-03-28 06:24 . 2009-03-28 05:46 -------- d-----w c:\users\Honza\AppData\Roaming\Apple Computer
2009-03-28 05:44 . 2009-03-28 05:44 -------- d-----w c:\programdata\Apple
2009-03-28 05:44 . 2009-03-28 05:44 -------- d-----w c:\program files\Apple Software Update
2009-03-20 11:37 . 2009-03-20 11:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-20 03:31 . 2009-04-28 07:08 262424 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
2009-03-20 03:31 . 2009-04-28 07:08 250136 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
2009-03-20 03:31 . 2009-04-28 07:08 848152 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
2009-03-20 03:31 . 2009-04-28 07:08 196888 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
2009-03-20 03:31 . 2009-04-28 07:08 479512 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
2009-03-20 03:31 . 2009-04-28 07:08 225560 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\628759C1\3E688669\stbOLEX.dll
2009-03-20 03:31 . 2009-04-28 07:08 200984 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\A26F7F7\3E688669\stbOL.dll
2009-03-08 11:34 . 2009-04-14 06:20 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-14 06:20 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-14 06:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-14 06:20 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-14 06:20 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-14 06:20 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-14 06:20 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-14 06:20 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-14 06:20 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-14 06:20 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-14 06:20 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-14 06:20 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-14 06:20 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-14 06:20 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-14 06:20 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-14 06:20 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-14 06:20 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-14 06:20 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 06:55 . 2009-03-31 06:23 4604240 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{E725D9C6-5EDE-4EAA-9F51-F0B9EB8E78F8}\mpengine.dll
2009-02-27 10:55 . 2009-04-09 16:03 111992 ----a-w c:\windows\system32\acaptuser32.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-03 11:25 . 2008-12-03 11:25 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-09-18 23:46 . 2008-09-18 23:46 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-03-10 09:47 2079256 ----a-w c:\program files\BS_Player\tbBS_P.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"KONICA MINOLTA PagePro 1400W STD"="c:\windows\system32\MSTMON_Y.EXE" [2005-08-22 184320]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FA210998-166D-461D-AF46-0135C7AB9D49}c:\\users\\honza\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\honza\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{ED2C66EA-2F8B-47A7-9FB0-233949A57052}c:\\users\\honza\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\honza\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{D44CBAE0-EEF4-4825-947B-5E35D5AEDD27}c:\\users\\honza\\desktop\\dc\\strongdc.exe"= UDP:c:\users\honza\desktop\dc\strongdc.exe:strongdc.exe
"UDP Query User{C64795BA-4569-4575-8746-DEA4B983D93D}c:\\users\\honza\\desktop\\dc\\strongdc.exe"= TCP:c:\users\honza\desktop\dc\strongdc.exe:strongdc.exe
"{1EFE59AE-9336-4509-9F95-022008478FBF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CDBCFFFF-1572-42E3-995B-7C403804815E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDF0098B-EC1B-4288-9152-E5E722305CF8}"= c:\program files\Skype\Phone\Skype.exe:Skype

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [24.9.2007 19:11 566560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
S2 gupdate1c98f484d9f520;Služba Google Update (gupdate1c98f484d9f520);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 10:33 133104]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-05-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:29]

2009-05-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 08:32]

2009-05-22 c:\windows\Tasks\User_Feed_Synchronization-{EAE89F15-6917-47E6-9672-600F1902C115}.job
- c:\windows\system32\msfeedssync.exe [2009-04-14 11:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 13:32
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\drivers\ovfsthxuoatvfmi.sys 81920 bytes executable
c:\windows\system32\ovfsthxikvrxjbd.dll 18944 bytes executable
c:\windows\system32\ovfsthxppnipefv.dll 18432 bytes executable
c:\windows\system32\ovfsthxseqreciy.dll 60928 bytes executable
c:\windows\system32\ovfsthxtkvqyqid.dat 1361 bytes
c:\users\Honza\AppData\Local\Temp\ovfsthx000 0 bytes

sken byl úspešně dokončen
skryté soubory: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxbexdrepw]
"imagepath"="\systemroot\system32\drivers\ovfsthxuoatvfmi.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxbexdrepw]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxuoatvfmi.sys"
"inst"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\hp\KBD\kbd.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Celkový čas: 2009-05-23 13:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-23 11:34

Před spuštěním: Volných bajtů: 299 137 921 024
Po spuštění: Volných bajtů: 299 120 570 368

250 --- E O F --- 2009-04-01 06:49

[motji]

Musíte mít trpělivost, měl jste pořádně zavirovaný pc

Dejte soubor otestovat na http://www.virustotal.com
c:\windows\system32\AdobePDFUI.dll

Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxbexdrepw]
File:: 
c:\windows\system32\drivers\ovfsthxuoatvfmi.sys 
c:\windows\system32\ovfsthxikvrxjbd.dll 
c:\windows\system32\ovfsthxppnipefv.dll 
c:\windows\system32\ovfsthxseqreciy.dll 
c:\windows\system32\ovfsthxtkvqyqid.dat 
rootkit::
c:\windows\system32\drivers\ovfsthxuoatvfmi.sys 
Folder::
C:\Program Files\AskBarDis
Registry:: 
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxbexdrepw]
Driver:: 
ASKUpgrade

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Až po combofixu
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

[Vincent]

Dobrý den,
Došel jsem až k poslednímu bodu, nepodařilo se mi ale udělat druhý scan v programu gmer, pokaždé Windows nahlásil chybu a vypnul ho. Zkoušel jsem to neúspěšně i s vypnutým antivirem. Přikládám aspoň výsledky toho, co se povedlo. Zatím mockrát děkuju!

zde je požadovaný link: http://www.virustotal.com/cs/analisis/2 ... 1243162013

log z combofixu:

ComboFix 09-05-22.07 - Honza 24.05.2009 13:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.2198 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
c:\windows\system32\drivers\ovfsthxuoatvfmi.sys
c:\windows\system32\ovfsthxikvrxjbd.dll
c:\windows\system32\ovfsthxppnipefv.dll
c:\windows\system32\ovfsthxseqreciy.dll
c:\windows\system32\ovfsthxtkvqyqid.dat
.
PEV Error: LocalSettingsFile

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-24 do 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 13:24 . 2009-05-23 13:24 -------- d-----w c:\programdata\WindowsSearch
2009-05-23 11:12 . 2009-05-23 11:12 -------- d-----w c:\program files\CCleaner
2009-05-21 19:35 . 2009-05-23 11:10 -------- d-----w c:\program files\trend micro
2009-05-21 19:35 . 2009-05-21 19:35 -------- d-----w C:\rsit
2009-05-21 17:00 . 2009-05-21 17:00 2967799 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-21 17:00 . 2009-05-21 17:00 -------- d-----w c:\users\Honza\AppData\Roaming\Malwarebytes
2009-05-21 17:00 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 17:00 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 17:00 . 2009-05-21 17:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 17:00 . 2009-05-21 17:00 -------- d-----w c:\programdata\Malwarebytes
2009-05-14 07:15 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-05-09 08:08 . 2009-05-09 08:08 -------- d-----w c:\program files\Elecard
2009-05-03 06:39 . 2009-05-03 06:39 -------- d-----w c:\program files\QuickTime
2009-05-03 06:39 . 2009-05-03 06:39 -------- d-----w c:\programdata\Apple Computer
2009-04-26 09:51 . 2009-04-26 09:51 -------- d-----w c:\users\Honza\AppData\Roaming\ABBYY
2009-04-26 09:45 . 2009-04-26 09:49 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-04-26 09:45 . 2009-04-26 09:45 -------- d-----w c:\users\Honza\AppData\Local\ABBYY
2009-04-26 09:45 . 2009-04-26 09:45 -------- d-----w c:\programdata\ABBYY
2009-04-26 09:43 . 2009-04-26 09:43 -------- d-----w c:\temp\FR90PE
2009-04-26 09:43 . 2009-04-26 09:43 -------- d-----w C:\temp
2009-04-24 12:35 . 2009-04-24 12:35 -------- d-----w c:\program files\BS_Player
2009-04-24 12:35 . 2009-04-24 12:35 -------- d-----w c:\program files\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 11:11 . 2009-04-14 14:07 -------- d-----w c:\users\Honza\AppData\Roaming\Skype
2009-05-24 11:05 . 2009-04-02 16:11 -------- d-----w c:\users\Honza\AppData\Roaming\MxBoost
2009-05-24 10:49 . 2008-09-18 23:31 607288 ----a-w c:\windows\system32\perfh005.dat
2009-05-24 10:49 . 2008-09-18 23:31 119738 ----a-w c:\windows\system32\perfc005.dat
2009-05-24 09:27 . 2009-02-15 08:32 -------- d-----w c:\programdata\Google Updater
2009-05-23 11:31 . 2008-11-19 11:04 80256 ----a-w c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-23 10:59 . 2008-09-18 14:27 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-23 10:57 . 2008-09-18 14:27 -------- d-----w c:\programdata\Symantec
2009-05-21 15:05 . 2009-04-02 16:10 -------- d-----w c:\program files\Maxthon2
2009-05-09 08:06 . 2009-02-08 09:15 -------- d-----w c:\users\Honza\AppData\Roaming\BSplayer
2009-05-07 09:13 . 2008-09-18 14:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 09:11 . 2008-09-18 14:08 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-28 07:08 . 2009-04-28 07:08 -------- dc-h--w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}
2009-04-24 16:14 . 2008-11-19 11:49 680 ----a-w c:\users\Honza\AppData\Local\d3d9caps.dat
2009-04-15 07:45 . 2009-03-30 08:36 -------- d-----w c:\users\Honza\AppData\Roaming\Trados
2009-04-14 14:17 . 2009-04-14 14:11 -------- d-----w c:\program files\ICQ6.5
2009-04-14 14:17 . 2009-04-14 14:11 -------- d-----w c:\users\Honza\AppData\Roaming\ICQ
2009-04-14 14:12 . 2009-04-14 14:12 -------- d-----w c:\programdata\ICQ
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----r c:\program files\Skype
2009-04-14 14:07 . 2009-04-14 14:06 -------- d-----w c:\programdata\Skype
2009-04-10 12:24 . 2009-03-28 05:43 -------- d-----w c:\program files\Safari
2009-04-10 12:23 . 2009-04-10 12:23 -------- d-----w c:\program files\Bonjour
2009-04-10 06:53 . 2009-04-10 06:43 -------- d-----w c:\users\Honza\AppData\Roaming\Winamp
2009-04-10 06:43 . 2008-11-27 14:10 -------- d-----w c:\program files\Winamp
2009-04-10 06:43 . 2009-04-10 06:43 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-09 15:56 . 2009-04-09 15:56 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 15:55 . 2008-11-19 10:58 -------- d-----w c:\program files\Common Files\Adobe
2009-04-02 15:35 . 2009-04-02 15:35 -------- d-----w c:\program files\Opera
2009-03-31 18:06 . 2009-03-31 18:06 -------- d-----w c:\program files\TRADOS
2009-03-30 15:39 . 2009-03-30 15:39 -------- d-----w c:\program files\MSXML 4.0
2009-03-30 07:50 . 2009-03-30 07:50 -------- d-----w c:\program files\SafeNet Sentinel
2009-03-30 07:50 . 2009-03-30 07:50 -------- d-----w c:\program files\Common Files\SafeNet Sentinel
2009-03-29 14:13 . 2009-03-29 14:13 -------- d-----w c:\program files\ToniArts
2009-03-29 11:35 . 2009-03-29 11:35 93 ----a-w c:\users\Honza\AppData\Local\fusioncache.dat
2009-03-28 06:53 . 2009-03-28 06:53 -------- d-----w c:\program files\ESET
2009-03-28 06:24 . 2009-03-28 05:46 -------- d-----w c:\users\Honza\AppData\Roaming\Apple Computer
2009-03-28 05:44 . 2009-03-28 05:44 -------- d-----w c:\programdata\Apple
2009-03-28 05:44 . 2009-03-28 05:44 -------- d-----w c:\program files\Apple Software Update
2009-03-20 11:37 . 2009-03-20 11:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-20 03:31 . 2009-04-28 07:08 262424 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
2009-03-20 03:31 . 2009-04-28 07:08 250136 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
2009-03-20 03:31 . 2009-04-28 07:08 848152 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
2009-03-20 03:31 . 2009-04-28 07:08 196888 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
2009-03-20 03:31 . 2009-04-28 07:08 479512 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
2009-03-20 03:31 . 2009-04-28 07:08 225560 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\628759C1\3E688669\stbOLEX.dll
2009-03-20 03:31 . 2009-04-28 07:08 200984 -c--a-w c:\programdata\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}\OFFLINE\A26F7F7\3E688669\stbOL.dll
2009-03-08 11:34 . 2009-04-14 06:20 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-14 06:20 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-14 06:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-14 06:20 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-14 06:20 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-14 06:20 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-14 06:20 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-14 06:20 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-14 06:20 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-14 06:20 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-14 06:20 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-14 06:20 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-14 06:20 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-14 06:20 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-14 06:20 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-14 06:20 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-14 06:20 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-14 06:20 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 06:55 . 2009-03-31 06:23 4604240 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{E725D9C6-5EDE-4EAA-9F51-F0B9EB8E78F8}\mpengine.dll
2009-02-27 10:55 . 2009-04-09 16:03 111992 ----a-w c:\windows\system32\acaptuser32.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-03 11:25 . 2008-12-03 11:25 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-09-18 23:46 . 2008-09-18 23:46 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-23_11.31.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-24 10:43 50400 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-24 10:43 87162 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-19 11:04 . 2009-05-24 09:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-19 11:04 . 2009-05-23 11:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-19 11:04 . 2009-05-24 09:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-19 11:04 . 2009-05-23 11:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-19 11:04 . 2009-05-23 11:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-19 11:04 . 2009-05-24 09:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-19 10:58 . 2009-05-24 10:43 9304 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1215813340-2101597708-3085988835-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-05-24 10:49 595748 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-23 11:04 595748 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-23 11:04 105078 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-24 10:49 105078 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-03-10 09:47 2079256 ----a-w c:\program files\BS_Player\tbBS_P.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"KONICA MINOLTA PagePro 1400W STD"="c:\windows\system32\MSTMON_Y.EXE" [2005-08-22 184320]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FA210998-166D-461D-AF46-0135C7AB9D49}c:\\users\\honza\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\honza\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{ED2C66EA-2F8B-47A7-9FB0-233949A57052}c:\\users\\honza\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\honza\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{D44CBAE0-EEF4-4825-947B-5E35D5AEDD27}c:\\users\\honza\\desktop\\dc\\strongdc.exe"= UDP:c:\users\honza\desktop\dc\strongdc.exe:strongdc.exe
"UDP Query User{C64795BA-4569-4575-8746-DEA4B983D93D}c:\\users\\honza\\desktop\\dc\\strongdc.exe"= TCP:c:\users\honza\desktop\dc\strongdc.exe:strongdc.exe
"{1EFE59AE-9336-4509-9F95-022008478FBF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CDBCFFFF-1572-42E3-995B-7C403804815E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDF0098B-EC1B-4288-9152-E5E722305CF8}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [24.9.2007 19:11 566560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
S2 gupdate1c98f484d9f520;Služba Google Update (gupdate1c98f484d9f520);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 10:33 133104]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:29]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 08:32]

2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{EAE89F15-6917-47E6-9672-600F1902C115}.job
- c:\windows\system32\msfeedssync.exe [2009-04-14 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 13:09
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\hp\KBD\kbd.exe
.
**************************************************************************
.
Celkový čas: 2009-05-24 13:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-24 11:13
ComboFix2.txt 2009-05-23 11:34

Před spuštěním: Volných bajtů: 300 471 595 008
Po spuštění: Volných bajtů: 300 491 436 032

240 --- E O F --- 2009-04-01 06:49


Zde první log z gmeru:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-24 13:31:13
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851281F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

[motji]

Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem

[Vincent]

zdravím, zde je log z RootRepeal:

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/25 09:38
Program Version: Version 1.2.3.0
Windows Version: Windows Vista SP1
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

Path: C:\System Volume Information\{15894f0a-4857-11de-b45c-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1a4d0cdc-2514-11de-b8b0-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1ae995e7-28b6-11de-ad1d-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1ae99609-28b6-11de-ad1d-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1c679948-251d-11de-a04f-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1d7f1de8-478d-11de-bf2e-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3d19a602-258e-11de-8799-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3D19A~2
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4043872c-1e1f-11de-ae44-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{43bcc748-1e88-11de-bea8-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{878bfb39-1f72-11de-bb16-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8c8dc7a9-1e1d-11de-844d-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8f4568d6-1d02-11de-88df-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466a9-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466af-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466bb-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466d6-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466dd-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466e9-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8fd466ef-1cea-11de-bac4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d8e112ef-1c6c-11de-b382-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5b830e80-1f9c-11de-a26d-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{670a3034-2984-11de-b0f4-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{748502d4-2cb2-11de-a18d-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7564f1c8-2a3b-11de-bd22-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7947aec8-1dbb-11de-a7f3-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7947af07-1dbb-11de-a7f3-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7947af0d-1dbb-11de-a7f3-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7947af13-1dbb-11de-a7f3-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{be27913b-1ef8-11de-b17e-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c330fb10-1f90-11de-ad6d-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e23ae99-1c5d-11de-b6c7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e23aea8-1c5d-11de-b6c7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e23aeae-1c5d-11de-b6c7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e23aeb7-1c5d-11de-b6c7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e23aebd-1c5d-11de-b6c7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{acbbad49-2e3e-11de-96c6-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b13debcd-1d00-11de-a579-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b13debd7-1d00-11de-a579-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4ee6ea59-1d04-11de-a1b7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4ee6ea8c-1d04-11de-a1b7-002185580cbc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\temp\HTTC726.tmp
Status: Allocation size mismatch (API: 592, Raw: 520)

Path: C:\Windows\temp\HTTCB85.tmp
Status: Allocation size mismatch (API: 664, Raw: 520)

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\$$DeleteMe.wininet.dll.01c9bcc98b85449b.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01c9bcc98cc8f363.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\$$DeleteMe.iertutil.dll.01c9bcc98ba1d407.0001
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Locked to the Windows API!

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@adfox[2].txt
Status: Invisible to the Windows API!

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@hit.gemius[2].txt
Status: Invisible to the Windows API!

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@adfox[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@domaci.ihned[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@hit.gemius[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@myao.adocean[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Cookies\honza@search.etargetnet[2].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1K56EK3\bind[1].txt
Status: Allocation size mismatch (API: 520, Raw: 448)

Path: D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

[motji]

Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory

Dejte soubor otestovat na www.virustotal.com
C:\Windows\temp\HTTC726.tmp
C:\Windows\temp\HTTCB85.tmp
Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

Klikněte mi do podpisu na SVI a podle návodu zapněte a vypněte obnovu systému,

[Vincent]

tento soubor C:\Windows\temp\HTTCB85.tmp jsem bohužel nenašel. Zde je link na výsledek testu toho prvního souboru:
http://www.virustotal.com/cs/analisis/6 ... 1243238375

[motji]

zkuste spustit ten gmer v nouzovém režimu. Kdyby to nešlo, nevadí, místo toho udělejte kontrolu
AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[Vincent]

tak se mi to povedlo otestovat gmerem a zde je výsledek:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-25 10:55:16
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851281F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----




GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-25 11:23:57
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x51 ? 84797BF8
INT 0x61 ? 865DCBF8
INT 0x72 ? 865DCBF8
INT 0x92 ? 865DCBF8
INT 0xA2 ? 865DCBF8
INT 0xB2 ? 84797BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sppp.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8A54246F 5 Bytes JMP 865DC1D8
.text ackdx8xw.SYS 8A596000 22 Bytes [26, 62, 1C, 82, 10, 61, 1C, ...]
.text ackdx8xw.SYS 8A596017 145 Bytes [00, 32, C7, 79, 80, 3D, C5, ...]
.text ackdx8xw.SYS 8A5960A9 35 Bytes [90, E5, 81, A0, 87, E5, 81, ...]
.text ackdx8xw.SYS 8A5960CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ackdx8xw.SYS 8A5960DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2248] kernel32.dll!SetUnhandledExceptionFilter 76F26E2D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!SetWindowPlacement 77C779BB 5 Bytes JMP 6301D224 c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!MoveWindow 77C7E01B 5 Bytes JMP 6301D5DE c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!DefWindowProcA 77C7F9E1 5 Bytes JMP 630019B1 c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!SetWindowLongA 77C80736 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!SetWindowLongA 77C80736 5 Bytes JMP 6301D03A c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!SetWindowLongW 77C81F35 5 Bytes JMP 6301D0A8 c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!SetWindowPos 77C821FE 5 Bytes JMP 6301D7E9 c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!GetWindowLongA 77C893DA 5 Bytes JMP 6301D116 c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!GetWindowLongW 77C8F67F 5 Bytes JMP 6301D19A c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!DefWindowProcW 77C904BD 5 Bytes JMP 630019E0 c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!GetWindowRect 77C90562 5 Bytes JMP 6301D9FE c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] USER32.dll!GetWindowPlacement 77CA3A55 5 Bytes JMP 6301D3CB c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806936D2] \SystemRoot\System32\Drivers\sppp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80693040] \SystemRoot\System32\Drivers\sppp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806937FC] \SystemRoot\System32\Drivers\sppp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806930BE] \SystemRoot\System32\Drivers\sppp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069313C] \SystemRoot\System32\Drivers\sppp.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3048] \SystemRoot\System32\Drivers\sppp.sys
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\ackdx8xw.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305C5B6] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [63029296] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [630292D3] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305C532] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [GDI32.dll!DeleteObject] [6305C5B6] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63029137] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongA] [61001530] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongA] [610015B0] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!CreateWindowExW] [630292D3] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!CallWindowProcW] [63058149] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [6302910F] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301DF7F] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305C5E9] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColor] [6305C532] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [63028DEF] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [6305C5B6] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6305C532] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [63058149] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [630292D3] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [USER32.dll!DefWindowProcA] [61001850] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowLongA] [61001530] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowLongA] [610015B0] c:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [630292D3] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [630290C4] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6302915C] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3128] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] c:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851281F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\sptd \Device\3489007840 sppp.sys
Device \Driver\volmgr \Device\VolMgrControl 847991F8
Device \Driver\usbuhci \Device\USBPDO-0 864031F8
Device \Driver\PCI_PNP9832 \Device\00000044 sppp.sys
Device \Driver\usbuhci \Device\USBPDO-1 864031F8
Device \Driver\usbuhci \Device\USBPDO-2 864031F8
Device \Driver\USBSTOR \Device\00000060 86B9D1F8
Device \Driver\usbuhci \Device\USBPDO-3 864031F8
Device \Driver\usbehci \Device\USBPDO-4 864021F8

AttachedDevice \Driver\tdx \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\volmgr \Device\HarddiskVolume1 847991F8
Device \Driver\volmgr \Device\HarddiskVolume2 847991F8
Device \Driver\cdrom \Device\CdRom0 863E71F8
Device \Driver\volmgr \Device\HarddiskVolume3 847991F8
Device \Driver\cdrom \Device\CdRom1 863E71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851271F8
Device \Driver\atapi \Device\Ide\IdePort0 851271F8
Device \Driver\atapi \Device\Ide\IdePort1 851271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 851271F8
Device \Driver\volmgr \Device\HarddiskVolume4 847991F8
Device \Driver\volmgr \Device\HarddiskVolume5 847991F8
Device \Driver\volmgr \Device\HarddiskVolume6 847991F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86956500
Device \Driver\Smb \Device\NetbiosSmb 869521F8
Device \Driver\USBSTOR \Device\0000005c 86B9D1F8
Device \Driver\iScsiPrt \Device\RaidPort0 866B81F8

AttachedDevice \Driver\tdx \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\USBSTOR \Device\0000005d 86B9D1F8

AttachedDevice \Driver\tdx \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\USBSTOR \Device\0000005e 86B9D1F8
Device \Driver\USBSTOR \Device\0000005f 86B9D1F8
Device \Driver\usbuhci \Device\USBFDO-0 864031F8
Device \Driver\usbuhci \Device\USBFDO-1 864031F8
Device \Driver\netbt \Device\NetBT_Tcpip_{4BB974F0-E6CE-4ABE-9741-DDE204A7D022} 86956500
Device \Driver\usbuhci \Device\USBFDO-2 864031F8
Device \Driver\usbuhci \Device\USBFDO-3 864031F8
Device \Driver\usbehci \Device\USBFDO-4 864021F8
Device \Driver\ackdx8xw \Device\Scsi\ackdx8xw1Port3Path0Target0Lun0 864141F8
Device \Driver\ackdx8xw \Device\Scsi\ackdx8xw1 864141F8
Device \FileSystem\cdfs \Cdfs 87655500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBC 0x32 0x6E 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x79 0x5D 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x02 0xF2 0x88 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBC 0x32 0x6E 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x79 0x5D 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x02 0xF2 0x88 0x00 ...

---- EOF - GMER 1.0.15 ----

[motji]

Dejte soubor otestovat na www.virustotal.com
c:\windows\system32\iesysprep.dll
c:\windows\system32\PDMSetup.exe
c:\windows\System32\Drivers\sppp.sys
Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

Jak to vypadá s počítačem?

[Vincent]

Zdravím. Tady jsou linky na výsledky analýzy:

http://www.virustotal.com/cs/analisis/9 ... 1243321831

http://www.virustotal.com/cs/analisis/e ... 1243321473

http://www.virustotal.com/cs/analisis/7 ... 1243321204


Počítač se zdá být v pořádku, jen to stále hlásí tu chybu jako na začátku. Jedná se o tuto aktualizaci:

Aktualizace Microsoft .NET Framework 3.5 Service Pack 1 a .NET Framework 3.5 Family Update (KB951847) x86
Kód 80072EFD

Tak nevím, jestli je to známka toho, že v compu zůstal nějaký vir, anebo na tom nesejde. Co myslíte?
Moc díky!

[motji]

prosím ještě jednou otestujte tento soubor, pokud ho v pc máte, otestoval jste jiný
c:\windows\System32\Drivers\sppp.sys



:arrow:Stáhněte OtmoveIt3 http://oldtimer.geekstogo.com/OTMoveIt3.exe
Stáhněte na plochu Otmovelt3, 2krát klikněte na Otmovelt3,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru skopírujete skript

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\Windows\temp\HTTC726.tmp
C:\Windows\temp\HTTCB85.tmp
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTMoveIt\MovedFiles. Log vložte sem

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu
-Log zkopírujte sem

[Vincent]

aha, tak právě tenhle soubor v počítači nemám. Otestoval jsem ten, o kterém jsem si myslel, že by to mohl být on. Nicméně provedu ty následující kroky, které jste popsal.