_appcompat.txt

[cernohous13]

Ještě tady vydrž - konzultuji další postup

[BroOskeW]

ok diky mooc..

[BroOskeW]

máte icq?

[cernohous13]

Pokud nemáš ComboFix na ploše, přesuň jej tam (máš ho v Dokumenty!)
Otevři Poznámkový blok (Start -> Spustit -> napiš Notepad OK) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\Drivers\Winbh30.sys
c:\program files\Norton Security Scan\Nss.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh30.sys]

Driver::
Winbh30.sys

Rootkit::
c:\windows\system32\Drivers\Winbh30.sys

ATJob::

385550827

[BroOskeW]

Tady se omlouvam to nejak moc dlouho trvalo.... a predem dekuji za pomoc...

ComboFix 09-10-04.01 - admin 2009-10-04 21:58.10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.674 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFscript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\program files\Norton Security Scan\Nss.exe"
"c:\windows\system32\Drivers\Winbh30.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\Norton Security Scan\Nss.exe

Nakažená kopie c:\windows\system32\drivers\dtscsi.sys byla nalezena a vyléčena.
Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Winbh30


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-04 do 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-03 18:00 . 2009-10-03 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 10:27 . 2009-10-03 10:27 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:19 . 2009-10-03 10:20 -------- d-----w- c:\program files\Navilog1
2009-10-03 10:16 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-30 14:38 . 2009-09-30 14:39 -------- dc-h--w- c:\windows\ie8
2009-09-28 08:28 . 2009-09-28 08:28 -------- d-----w- c:\program files\CCleaner
2009-09-27 17:47 . 2009-09-27 18:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 17:47 . 2009-09-27 17:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 14:29 . 2009-09-13 14:34 -------- d-----w- c:\program files\FlatOut
2009-09-10 16:55 . 2009-09-10 16:55 -------- d-----w- c:\program files\EA Sports
2009-09-09 18:25 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 19:36 . 2008-07-30 20:05 -------- d-----w- c:\program files\Norton Security Scan
2009-10-04 15:14 . 2008-01-08 18:35 -------- d-----w- c:\program files\Call of Duty
2009-10-03 16:40 . 2008-05-27 14:11 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-10-01 18:06 . 2009-08-12 16:02 -------- d-----w- c:\program files\AoA Audio Extractor
2009-09-25 09:54 . 2009-09-02 14:32 -------- d-----w- c:\program files\Seznam.cz
2009-09-23 16:58 . 2009-08-31 16:50 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 15:40 . 2009-06-30 15:19 -------- d-----w- c:\program files\Vietcong
2009-09-20 12:07 . 2007-05-12 15:15 -------- d-----w- c:\program files\Vietcong2
2009-09-18 16:01 . 2008-08-15 16:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-13 14:01 . 2007-08-22 15:09 2970 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-10 17:21 . 2009-03-05 17:09 -------- d-----w- c:\program files\Banner Maker Pro for Flash 3
2009-09-10 17:16 . 2008-03-30 10:09 -------- d-----w- c:\program files\City Interactive
2009-09-10 17:14 . 2008-07-04 11:17 -------- d-----w- c:\program files\Diablo II Shareware
2009-08-31 16:50 . 2006-11-10 13:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 09:27 . 2009-08-15 09:27 -------- d-----w- c:\program files\DsNET Corp
2009-08-13 12:55 . 2009-08-12 16:23 -------- d-----w- c:\program files\Winamp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\program files\YouTube Downloader
2009-08-10 16:45 . 2009-08-10 16:44 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-08-10 12:41 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 12:41 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 12:36 . 2009-08-10 12:36 -------- d-----w- c:\program files\MSBuild
2009-08-10 12:35 . 2009-08-10 12:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:24 . 2006-11-09 16:56 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-11-09 16:56 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-11-15 02:25 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-11-09 16:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2006-11-09 16:56 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-11-09 16:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-03-01 08:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-07-30 18:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2006-11-09 16:56 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2002-10-06 18:37 . 2006-03-21 18:33 53760 ----a-w- c:\program files\zlib.dll
1996-12-02 15:44 . 1996-12-02 15:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2005-09-24 04:44 . 2008-07-30 19:02 77824 ----a-w- c:\program files\internet explorer\plugins\Kopie - nppdf32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-03_19.04.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-04 20:08 . 2009-10-04 20:08 16384 c:\windows\temp\Perflib_Perfdata_f90.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-08-21 208946]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 1597440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-21 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2007-02-09 92160]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-21 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-3 625952]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Basic Client.lnk - c:\program files\Dynu Systems\Basic\DynuBas.exe [2004-6-25 823296]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-12 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2007-09-11 09:03 57344 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vietcong2\\vc2ded.exe"=
"c:\\Program Files\\Vietcong2\\vietcong2.exe"=
"c:\\Program Files\\Vietcong\\vcded.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5425:TCP"= 5425:TCP:*:Disabled:CZ servr!

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-02-21 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-09-15 74480]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-05 222456]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [2007-09-21 3026944]
R2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [2007-09-21 8208]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-01-30 25216]
S2 DynuBasic;Dynu Basic Dynamic DNS Client v3.24;c:\program files\Dynu Systems\Basic\BasicSvc.exe [2004-06-25 159744]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-25 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-25 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-25 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-25 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-25 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-25 117672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://home.gamingharbor.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 22:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:29,22,94,c5,e8,46,b7,3b,b3,16,31,73,ce,79,4b,82,04,2f,c4,01,a7,
5d,83,5f,f3,b8,0b,ed,a1,cc,cf,fd,2c,bf,d7,d5,05,eb,cd,48,8a,91,73,4c,e1,6a,\
"rkeysecu"=hex:05,b7,ff,79,c5,a3,f7,a5,48,49,b9,7c,b0,90,a8,a5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\RACServerLogon2.dll

- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3904)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\progra~1\INCRED~1\bin\ImApp.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Celkový čas: 2009-10-04 22:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-04 20:19
ComboFix2.txt 2009-10-04 10:44
ComboFix3.txt 2009-10-03 20:52
ComboFix4.txt 2009-10-03 20:21
ComboFix5.txt 2009-10-04 19:24

Před spuštěním: Volných bajtů: 172,073,263,104
Po spuštění: Volných bajtů: 172,034,985,984

297 --- E O F --- 2009-10-01 13:26

[cernohous13]

sice jsi Combofix nechal v Dokumentech a ne na ploše a Anti Vir zůstal spuštěný, ale snad to i tak proběhlo regulérně.
Zkus jestli při spuštění hry problém přetrvává.

Jinak najdi v adresáři:
C:\Documents and Settings\admin\Local Settings\Temp\77e5_appcompat.txt
Klik pravým myšítkem -> Otevřít v programu -> Poznámkový blok
V textu klik levým kamkoliv do textu - > stisk Ctrl+A - označí vše -> Ctrl+C - zkopíruje do schránky
Dej Odpovědět ve svém příspěvku a Ctrl+V - vloží obsah textu do tvého příspěvku

Pro pokročilou hodinu další kolo zítra

[BroOskeW]

mno.. bohužel problém stále přetrvává...
No ten soubor 77e5_appcompat.txt tam vubec neni v pc... dal jsem star- spustit a ten soubor a nic...
a jináč fáákt díky že pomáháte... snad se ten problém už konečně vyřeší...

[cernohous13]

mno.. bohužel problém stále přetrvává...
No ten soubor 77e5_appcompat.txt tam vubec neni v pc... dal jsem star- spustit a ten soubor a nic

Tento počítač -> C:\Documents and Settings -> admin -> Local Settings -> Temp otevři a vyber si jeden soubor typu
(4znaky)_appcompat.txt -> Klik pravým myšítkem -> Otevřít v programu -> Poznámkový blok
Otevře se okno a v textu klik pravým -> Vybrat vše -> znovu pravým -> Kopírovat

Vrátíš se sem -> tlačítko odpovědět do okna klik pravým -> Vložit -> Odeslat

krok za krokem přesně jak to píšu

[BroOskeW]

Jasný já vím ale ja tam ten soubour _appcompat.txt vubec nemam nic pod takovím nazvem..

[cernohous13]

Přesuň Combofix na plochu a udělej ještě jeden výmaz pomocí CFscriptu

Kód: Vybrat vše

DDS::
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTM
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://home.gamingharbor.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=

ComboFix se spustí - počkej na log a vlož ho sem.[/quote]

Stáhni Ccleaner - odkaz v mém podpisu.

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

[BroOskeW]

ComboFix 09-10-04.01 - admin 2009-10-05 19:40.11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.675 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFscript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\dtscsi.sys byla nalezena a vyléčena.
Kitty ate it
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-05 do 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-03 18:00 . 2009-10-03 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 10:27 . 2009-10-03 10:27 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:19 . 2009-10-03 10:20 -------- d-----w- c:\program files\Navilog1
2009-10-03 10:16 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-30 14:38 . 2009-09-30 14:39 -------- dc-h--w- c:\windows\ie8
2009-09-28 08:28 . 2009-09-28 08:28 -------- d-----w- c:\program files\CCleaner
2009-09-27 17:47 . 2009-09-27 18:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 17:47 . 2009-09-27 17:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 14:29 . 2009-09-13 14:34 -------- d-----w- c:\program files\FlatOut
2009-09-10 16:55 . 2009-09-10 16:55 -------- d-----w- c:\program files\EA Sports
2009-09-09 18:25 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 19:36 . 2008-07-30 20:05 -------- d-----w- c:\program files\Norton Security Scan
2009-10-04 15:14 . 2008-01-08 18:35 -------- d-----w- c:\program files\Call of Duty
2009-10-03 16:40 . 2008-05-27 14:11 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-10-01 18:06 . 2009-08-12 16:02 -------- d-----w- c:\program files\AoA Audio Extractor
2009-09-25 09:54 . 2009-09-02 14:32 -------- d-----w- c:\program files\Seznam.cz
2009-09-23 16:58 . 2009-08-31 16:50 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 15:40 . 2009-06-30 15:19 -------- d-----w- c:\program files\Vietcong
2009-09-20 12:07 . 2007-05-12 15:15 -------- d-----w- c:\program files\Vietcong2
2009-09-18 16:01 . 2008-08-15 16:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-13 14:01 . 2007-08-22 15:09 2970 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-10 17:21 . 2009-03-05 17:09 -------- d-----w- c:\program files\Banner Maker Pro for Flash 3
2009-09-10 17:16 . 2008-03-30 10:09 -------- d-----w- c:\program files\City Interactive
2009-09-10 17:14 . 2008-07-04 11:17 -------- d-----w- c:\program files\Diablo II Shareware
2009-08-31 16:50 . 2006-11-10 13:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 09:27 . 2009-08-15 09:27 -------- d-----w- c:\program files\DsNET Corp
2009-08-13 12:55 . 2009-08-12 16:23 -------- d-----w- c:\program files\Winamp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\program files\YouTube Downloader
2009-08-10 16:45 . 2009-08-10 16:44 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-08-10 12:41 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 12:41 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 12:36 . 2009-08-10 12:36 -------- d-----w- c:\program files\MSBuild
2009-08-10 12:35 . 2009-08-10 12:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:24 . 2006-11-09 16:56 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-11-09 16:56 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-11-15 02:25 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-11-09 16:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2006-11-09 16:56 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-11-09 16:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-03-01 08:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-07-30 18:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2006-11-09 16:56 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2002-10-06 18:37 . 2006-03-21 18:33 53760 ----a-w- c:\program files\zlib.dll
1996-12-02 15:44 . 1996-12-02 15:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2005-09-24 04:44 . 2008-07-30 19:02 77824 ----a-w- c:\program files\internet explorer\plugins\Kopie - nppdf32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-08-21 208946]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 1597440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-21 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2007-02-09 92160]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-21 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-3 625952]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Basic Client.lnk - c:\program files\Dynu Systems\Basic\DynuBas.exe [2004-6-25 823296]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-12 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2007-09-11 09:03 57344 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vietcong2\\vc2ded.exe"=
"c:\\Program Files\\Vietcong2\\vietcong2.exe"=
"c:\\Program Files\\Vietcong\\vcded.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5425:TCP"= 5425:TCP:*:Disabled:CZ servr!

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-02-21 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-09-15 74480]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-05 222456]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [2007-09-21 3026944]
R2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [2007-09-21 8208]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-01-30 25216]
S2 DynuBasic;Dynu Basic Dynamic DNS Client v3.24;c:\program files\Dynu Systems\Basic\BasicSvc.exe [2004-06-25 159744]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-25 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-25 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-25 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-25 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-25 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-25 117672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - component: c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 19:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e9,be,b8,e3,27,49,33,c3,6a,62,16,07,37,21,6a,db,e4,92,24,6c,53,
76,61,63,eb,85,3f,36,09,27,d1,3e,c9,a1,3a,4a,22,b9,9f,1a,ec,e6,6d,8d,9e,76,\
"rkeysecu"=hex:8c,ca,ec,e2,1d,82,c3,a2,4e,e5,fc,0e,06,0b,e3,92

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\RACServerLogon2.dll

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-10-05 19:54
ComboFix-quarantined-files.txt 2009-10-05 17:53
ComboFix2.txt 2009-10-04 20:21
ComboFix3.txt 2009-10-04 10:44
ComboFix4.txt 2009-10-03 20:52
ComboFix5.txt 2009-10-05 17:36

Před spuštěním: Volných bajtů: 171,946,192,896
Po spuštění: Volných bajtů: 171,961,122,816

248 --- E O F --- 2009-10-01 13:26

a ten druhej ukol s cleaner to stím mám taky udelat?

[BroOskeW]

Také nevím jestli je to potrebny ale ukázalo se tam ze tam byl výskyt rokytu takze to chtelo rr pc.. nevím jetsli je to dulezite ale objevilo se to tam a taky predtim jeste nejaka chybova sprava... dal jsem informace.. a zase ten ab...

[cernohous13]

zkusíme rootkita odhalit

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 - návod včetně odkazu na stažení

výsledné logy budou dva - oba sem dej

[BroOskeW]

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit quick scan 2009-10-06 16:33:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\fwdoyaob.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF72B8C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B8F9A]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86DCF450

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

---- EOF - GMER 1.0.15 ----



tedka druhy log ...


GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 17:53:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\fwdoyaob.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF72B8AC8]
SSDT sptd.sys ZwEnumerateKey [0xF72B8C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B8F9A]
SSDT sptd.sys ZwOpenKey [0xF72B898E]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF07D48AC]
SSDT sptd.sys ZwQueryKey [0xF72B9064]
SSDT sptd.sys ZwQueryValueKey [0xF72B8EFC]
SSDT sptd.sys ZwSetValueKey [0xF72B90EC]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF07D4812]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD0877.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F56BA4F0 16 Bytes [82, 9B, 0F, AA, 6B, 1D, 12, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F56BA501 19 Bytes [90, 6B, F5, 26, 54, 3A, 66, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 25 F56BA515 11 Bytes [15, D4, FE, BB, 84, 1A, B7, ...] {ADC EAX, 0x84bbfed4; SBB DH, [EDI-0x6b380ce]}
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E51FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415ACB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BD3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 415243F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BD408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E51FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BD3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B4AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B4C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B4B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B576C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B5642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72D7056] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [1002DE60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRect] [1002DED0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86DCF450

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \Driver\00000039 \Device\00000050 sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{489F5A9E-FD15-4AD2-B685-9E399D5D0E67} 8601E728
Device \Driver\Ftdisk \Device\HarddiskVolume1 86DCFEB0
Device \Driver\Cdrom \Device\CdRom0 86BC3910
Device \FileSystem\Rdbss \Device\FsWrap 86B230E8
Device \Driver\Cdrom \Device\CdRom1 86BC3910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F722EB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort0 [F722EB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F722EB40] atapi.sys[unknown section]
Device \Driver\nvata \Device\00000075 86DCF940
Device \Driver\NetBT \Device\NetBt_Wins_Export 8601E728
Device \Driver\NetBT \Device\NetbiosSmb 8601E728
Device \Driver\Disk \Device\Harddisk0\DR0 86DCF688
Device \Driver\nvata \Device\NvAta0 86DCF940
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B720E8
Device \Driver\nvata \Device\NvAta1 86DCF940
Device \Driver\NetBT \Device\NetBT_Tcpip_{E9A85878-1B6F-40B4-A0FC-CC53DEF58FEE} 8601E728
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B720E8
Device \FileSystem\Npfs \Device\NamedPipe 86B45DE0
Device \Driver\Ftdisk \Device\FtControl 86DCFEB0
Device \FileSystem\Msfs \Device\Mailslot 86A586E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{B11B188B-EB3C-44A0-BA89-B488009DACFF} 8601E728
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 867A42F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 867A42F8
Device \FileSystem\Cdfs \Cdfs 867FB408

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1150945310
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -817086391
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 387646217
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x82 0xAA 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0xA1 0xC6 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xA5 0x90 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x82 0xAA 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0xA1 0xC6 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xA5 0x90 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x82 0xAA 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0xA1 0xC6 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xA5 0x90 0x41 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\370842059 Blackout..\blaster.jpg 56510 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\370842059 Blackout..\chariot.jpg 57556 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\370842059 Blackout..\tanker.jpg 74377 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\24-403~Borat-Posters.jpg 40245 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\ja new.jpg 31874 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\josef.jpg 129869 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\pepa.bmp 564054 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\Thumbs.db 17408 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\untitled.bmp 2359350 bytes

---- EOF - GMER 1.0.15 ----

[cernohous13]

Otevři správce úloh (Ctrl+Alt+Del) - záložka "Procesy" - daemon.exe a TeaTimer.exe -> Ukončit proces

Stáhni a nainstaluj
http://www.stahuj.centrum.cz/utility_a_ ... staller/?g
Odinstaluj program - DAEMON Tools
označ vše co najde a dej smazat.

Totéž s programem - Spybot - Search & Destroy

Klik na T-cleaner v mém podpisu - stáhni a spusť.

Klik na SVI v mém podpisu a podle návodu vyčisti Body obnovy

Až to bude - nový log z RSIT