PC disinfection, PC speed-up, remote assistance via the neslape.cz service

One log - OLMARIK virus, DAEMON is probably to blame

Got a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

One log - OLMARIK virus, DAEMON is probably to blame

#1 Post by zip911 »

Hello,

I am attaching a log from "HijackThis v1.99.1". NOD reports the OLMARIK virus; I think DAEMON is probably to blame.......

please advise....



Logfile of HijackThis v1.99.1
Scan saved at 12:27:03, on 30.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Instalace\ICQ6.5\ICQ.exe
C:\Instalace\Xfire\xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\zip911\AppData\Local\Temp\Rar$EX00.480\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - Unknown owner - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" -service (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

Re: One log - OLMARIK virus, DAEMON is probably to blame

#2 Post by zip911 »

....so is nobody going to take me on?? :o

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: One log - OLMARIK virus, DAEMON is probably to blame

#3 Post by motji »

Good evening :)
:arrow: Please post an RSIT log, see my signature :)
Where does your antivirus report the virus?

:arrow: Download http://download.eset.com/special/EOlmarikRemover.exe
Run it and then let us know what it found :)

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run GMER


:arrow: Download GMER http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log, and post it here

- Following the guide in the link, run the second scan and post that log here too.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop


:arrow: Start - Run
paste into the box:

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log will be created, post it here
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am reachable mostly at night, between 9 and 11 pm.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

Re: One log - OLMARIK virus, DAEMON is probably to blame

#4 Post by zip911 »

Hello,

- path to the infected file: C:\Windows\system32\DRIVERS\atapi.sys
- infiltration: Win32/Olmarik.OF virus


- GMER log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-31 12:01:16
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\zip911\AppData\Local\Temp\fxldqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:248] 8612E930

---- EOF - GMER 1.0.15 ----



- GMER log 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 12:04:21
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\zip911\AppData\Local\Temp\fxldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83242AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83242104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832423F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322A634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832421DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83242958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832426F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83242F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832431A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E5B579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\DRIVERS\atapi.sys Přístup byl odepřen. !
.rsrc C:\Windows\system32\DRIVERS\atapi.sys entry point in ".rsrc" section [0x83B5D000]
.text peauth.sys 95AA5C9E 27 Bytes [21, 18, 2E, 57, AC, FD, C7, ...]
.text peauth.sys 95AA5CC2 27 Bytes [21, 18, 2E, 57, AC, FD, C7, ...]
PAGE peauth.sys 95AABE21 100 Bytes [5B, B4, 9E, 31, 85, 23, 99, ...]
PAGE peauth.sys 95AAC02D 101 Bytes [77, E6, 92, 25, 17, 45, 8F, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 75EF3142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamW 757A4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamW 757A4AA7 5 Bytes JMP 721958AB C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamW 757A564A 5 Bytes JMP 71F6490B C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamA 757BCF6A 5 Bytes JMP 72195848 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamA 757BD29C 5 Bytes JMP 7219590E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectA 757CE8C9 5 Bytes JMP 721957DD C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectW 757CE9C3 5 Bytes JMP 72195772 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExA 757CEA29 5 Bytes JMP 72195710 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExW 757CEA4D 5 Bytes JMP 721956AE C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3236] ole32.dll!OleLoadFromStream 75475B88 5 Bytes JMP 72195B74 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CreateDialogParamW 75779BFF 5 Bytes JMP 71F9C2C8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!EnableWindow 7577A72E 5 Bytes JMP 71F9C243 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!GetAsyncKeyState 7577C09A 5 Bytes JMP 71F5D6D1 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CallNextHookEx + 4 7577CC93 1 Byte [FC]
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!SetWindowsHookExW 7578210A 5 Bytes JMP 71FF4243 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!GetKeyState 75784FDA 5 Bytes JMP 71F9D47E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!IsDialogMessageW 75786F06 5 Bytes JMP 71F63FE8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CreateDialogParamA 75793E79 5 Bytes JMP 721961B3 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!IsDialogMessage 7579407A 5 Bytes JMP 72195BBF C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CreateDialogIndirectParamA 75799110 5 Bytes JMP 721961EA C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CreateDialogIndirectParamW 757A08AD 5 Bytes JMP 72196221 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamW 757A4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamW 757A4AA7 5 Bytes JMP 721958AB C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!EndDialog 757A555C 5 Bytes JMP 71F65873 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxParamW 757A564A 5 Bytes JMP 71F6490B C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!SetKeyboardState 757A6B52 5 Bytes JMP 72195F24 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!SendInput 757A7055 5 Bytes JMP 721968A0 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxParamA 757BCF6A 5 Bytes JMP 72195848 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamA 757BD29C 5 Bytes JMP 7219590E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxIndirectA 757CE8C9 5 Bytes JMP 721957DD C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxIndirectW 757CE9C3 5 Bytes JMP 72195772 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxExA 757CEA29 5 Bytes JMP 72195710 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxExW 757CEA4D 5 Bytes JMP 721956AE C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!keybd_event 757CEC9B 5 Bytes JMP 72196AD3 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] SHELL32.dll!SHChangeNotification_Lock + 45BE 7638B3D8 4 Bytes [11, 36, FB, 6C] {ADC [ESI], ESI; STI ; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] SHELL32.dll!SHChangeNotification_Lock + 45C6 7638B3E0 8 Bytes [5F, 35, FB, 6C, D0, 73, FA, ...] {POP EDI; XOR EAX, 0x73d06cfb; CLI ; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ole32.dll!OleLoadFromStream 75475B88 5 Bytes JMP 72195B74 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6CFA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6CFA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6CF9C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6CFA3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6CFA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6CFA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6CFA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6CFA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6CF9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6CFA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6CFA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6CF9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6CFA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6CFA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6CFA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6CFA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6CFA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6CFA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6CFA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6CFA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6CFA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6CFA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6CF9F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6CF9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6CF9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6CFA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6CFA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6CFA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6CFA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6CF9DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6CFA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6CFA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6CF9DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6CF9DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6CFA0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6CFA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6CF9DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6CFA41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6CFA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6CFA4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6CFA4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6CFA823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6CFA89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6CFA8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6CFA7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6CFA8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6CFA90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6CFA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6CFA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6CFA7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6CFA794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6CFA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6CFA8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6CFA86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6CFA8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6CFA7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6CFA9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6CFA958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6CFA99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6CFA8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6CFA7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6CFA7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6CFA97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6CFA7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6CFA9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6CFA98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6CFA77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6CFA96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6CFA81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6CFA80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6CFA8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6CFA8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6CFA7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6CFA8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6CFA892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6CFA9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6CFA92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6CFA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6CFA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6CFA7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6CFA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6CFA789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6CFA83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6CFA861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6CFA8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6CFA8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6CFA84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6CFA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6CFA8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6CF9D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6CFA0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6CFA1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6CFA141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6CFA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6CFA09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6CF9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6CF9F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6CF9F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6CFA27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6CFA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6CF9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6CF9EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6CF9E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6CFA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6CFA27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6CF9E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6CFA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6CF9EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6CFA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6CFA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6CFA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6CFA9916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6CFA8A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6CFA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6CFA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6CFA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6CFA8FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6CFA9E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6CFA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6CFA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6CFA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CF99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:248] 8612E930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Instalace\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x49 0x25 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x12 0xB6 0x66 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x14 0xFB 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x9E 0xC2 0x8D ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x9E 0xC2 0x8D ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\DRIVERS\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


- mbr log


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR



The "mbr" application wouldn't let me type in a command. I probably did something wrong......

zip911

Re: One log - OLMARIK virus, DAEMON is probably to blame

#5 Post by zip911 »

...I also forgot the "RSIT" log, which I ran last of all...


Logfile of random's system information tool 1.06 (written by random/random)
Run by zip911 at 2009-12-31 12:57:51
Microsoft Windows 7 Ultimate
System drive C: has 58 GB (58%) free of 100 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:53, on 31.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\zip911\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6F1VV20\RSIT[1].exe
C:\Program Files\trend micro\zip911.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 5728 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-30 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-10-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-30 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-10-30 122880]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-20 149280]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5681dfbe-e67a-11de-acc7-0016e6df7d99}]
shell\AutoRun\command - 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5681dfe1-e67a-11de-acc7-0016e6df7d99}]
shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56c6ce-efa5-11de-b339-0016e6df7d99}]
shell\AutoRun\command - 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee8782f9-c08f-11de-b3a4-0016e6df7d99}]
shell\AutoRun\command - G:\Installer.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-30 12:47:44 ----D---- C:\Program Files\CCleaner
2009-12-30 12:33:37 ----D---- C:\Program Files\trend micro
2009-12-30 12:33:36 ----D---- C:\rsit
2009-12-27 11:08:33 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-25 21:18:00 ----D---- C:\Games
2009-12-22 19:36:01 ----D---- C:\Users\zip911\AppData\Roaming\TeamViewer
2009-12-22 19:35:54 ----D---- C:\Program Files\TeamViewer
2009-12-22 18:30:29 ----D---- C:\ProgramData\Saitek
2009-12-22 18:30:24 ----D---- C:\Program Files\Saitek
2009-12-22 13:46:15 ----D---- C:\IL-2 Sturmovik 1946
2009-12-20 16:57:20 ----RA---- C:\Windows\system32\msxml.dll
2009-12-20 16:57:18 ----RA---- C:\Windows\system32\xmltok.dll
2009-12-20 16:57:18 ----RA---- C:\Windows\system32\xmlparse.dll
2009-12-20 16:57:18 ----RA---- C:\Windows\system32\xmlinst.exe
2009-12-20 16:57:18 ----RA---- C:\Windows\system32\VB5DB.DLL
2009-12-20 16:57:18 ----RA---- C:\Windows\system32\msxmlr.dll
2009-12-20 16:57:18 ----RA---- C:\Windows\system32\msxml3a.dll
2009-12-20 16:57:03 ----D---- C:\Users\zip911\AppData\Roaming\ubi.com
2009-12-20 16:57:02 ----A---- C:\Windows\patchw32.dll
2009-12-20 16:56:59 ----D---- C:\Program Files\Common Files\PocketSoft
2009-12-20 11:54:25 ----D---- C:\ProgramData\Xfire
2009-12-20 11:54:23 ----D---- C:\Users\zip911\AppData\Roaming\Xfire
2009-12-20 11:47:19 ----D---- C:\Users\zip911\AppData\Roaming\teamspeak2
2009-12-19 12:16:00 ----D---- C:\Program Files\ESET
2009-12-11 18:24:15 ----D---- C:\Users\zip911\AppData\Roaming\DAEMON Tools Lite
2009-12-11 18:24:11 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-12-10 06:15:27 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 06:15:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-05 14:39:35 ----D---- C:\ProgramData\DVD Shrink
2009-12-05 14:39:33 ----D---- C:\Program Files\DVD Shrink
2009-12-05 14:25:41 ----D---- C:\Users\zip911\AppData\Roaming\BSplayer PRO
2009-12-05 14:25:36 ----D---- C:\Program Files\Webteh

======List of files/folders modified in the last 1 months======

2009-12-31 12:57:53 ----D---- C:\Windows\Temp
2009-12-31 12:57:50 ----D---- C:\Windows\Prefetch
2009-12-31 12:56:53 ----D---- C:\Windows\system32\config
2009-12-31 11:48:25 ----D---- C:\Windows\System32
2009-12-31 11:48:24 ----D---- C:\Windows\inf
2009-12-31 11:48:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-31 11:42:17 ----D---- C:\Windows
2009-12-31 11:39:42 ----RD---- C:\Program Files
2009-12-30 12:50:56 ----D---- C:\Windows\debug
2009-12-28 20:27:24 ----SHD---- C:\System Volume Information
2009-12-27 11:08:34 ----SHD---- C:\Windows\Installer
2009-12-26 20:12:13 ----D---- C:\Program Files\WinRAR
2009-12-25 23:11:46 ----D---- C:\Windows\system32\wdi
2009-12-23 23:54:20 ----D---- C:\Windows\system32\NDF
2009-12-23 13:08:42 ----D---- C:\Windows\system32\Tasks
2009-12-22 19:38:01 ----D---- C:\Windows\Tasks
2009-12-22 18:31:15 ----D---- C:\Windows\system32\drivers
2009-12-22 18:30:58 ----D---- C:\Windows\system32\catroot
2009-12-22 18:30:57 ----D---- C:\Windows\system32\DriverStore
2009-12-22 18:30:29 ----HD---- C:\ProgramData
2009-12-22 13:53:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-22 13:45:58 ----D---- C:\Windows\system32\catroot2
2009-12-20 17:11:56 ----SD---- C:\Users\zip911\AppData\Roaming\Microsoft
2009-12-20 16:56:59 ----D---- C:\Program Files\Common Files
2009-12-20 16:56:36 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-20 11:54:20 ----D---- C:\Instalace
2009-12-10 06:16:47 ----A---- C:\Windows\system32\MRT.INI
2009-12-10 06:15:11 ----D---- C:\Windows\winsxs
2009-12-06 12:01:56 ----D---- C:\Users\zip911\AppData\Roaming\Ahead
2009-12-06 12:01:56 ----D---- C:\ProgramData\Ahead
2009-12-06 11:39:06 ----D---- C:\Windows\LiveKernelReports
2009-12-01 21:06:19 ----A---- C:\Windows\system32\MRT.exe

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: One log - OLMARIK virus, DAEMON is probably responsible

#6 Post by motji »

Above all, don't delete atapi.sys, we'll replace it :)

:!: Back up your important data, just to be safe :)

:arrow: Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before using it, disable all resident security programs - antivirus, firewalls, antispyware

- After it starts, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click into its window :!:

- After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 9 and 11 pm
If you have any questions, you can email me at Motji(at)forum.viry.cz.

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

Re: One log - OLMARIK virus, DAEMON is probably responsible

#7 Post by zip911 »

Hello,

here is the log from ComboFix....



ComboFix 09-12-31.A1 - zip911 01.01.2010 16:41:49.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1411 [GMT 1:00]
Spuštěný z: c:\users\zip911\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 15:45 . 2010-01-01 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 11:47 . 2009-12-30 11:47 -------- d-----w- c:\program files\CCleaner
2009-12-30 11:33 . 2009-12-31 11:57 -------- d-----w- c:\program files\trend micro
2009-12-30 11:33 . 2009-12-30 11:33 -------- d-----w- C:\rsit
2009-12-27 10:08 . 2009-12-27 10:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-25 20:18 . 2009-12-25 20:18 -------- d-----w- C:\Games
2009-12-22 20:46 . 2009-12-22 20:46 87137 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{F70387A5-E8F1-045C-E250-D8F1F9716B32}-uninstall.exe
2009-12-22 18:36 . 2009-12-22 18:36 -------- d-----w- c:\users\zip911\AppData\Roaming\TeamViewer
2009-12-22 18:35 . 2009-12-22 18:35 -------- d-----w- c:\program files\TeamViewer
2009-12-22 18:35 . 2009-12-22 18:35 -------- d-----w- c:\users\zip911\temp
2009-12-22 17:30 . 2009-12-22 17:30 -------- d-----w- c:\programdata\Saitek
2009-12-22 17:30 . 2009-12-22 17:30 -------- d-----w- c:\program files\Saitek
2009-12-22 12:46 . 2009-12-25 15:34 -------- d-----w- C:\IL-2 Sturmovik 1946
2009-12-20 15:57 . 2001-05-04 16:05 505104 ----a-r- c:\windows\system32\msxml.dll
2009-12-20 15:57 . 2002-10-17 15:35 26096 ----a-r- c:\windows\system32\xmlinst.exe
2009-12-20 15:57 . 2002-01-07 21:30 24576 ----a-r- c:\windows\system32\msxml3a.dll
2009-12-20 15:57 . 2001-05-04 16:05 28432 ----a-r- c:\windows\system32\msxmlr.dll
2009-12-20 15:57 . 2000-03-17 13:21 36864 ----a-r- c:\windows\system32\xmlparse.dll
2009-12-20 15:57 . 2000-03-17 13:21 69632 ----a-r- c:\windows\system32\xmltok.dll
2009-12-20 15:57 . 1998-06-18 05:00 89360 ----a-r- c:\windows\system32\VB5DB.DLL
2009-12-20 15:57 . 2009-12-20 15:57 -------- d-----w- c:\users\zip911\AppData\Roaming\ubi.com
2009-12-20 15:57 . 2001-07-30 17:03 185344 ----a-w- c:\windows\patchw32.dll
2009-12-20 15:56 . 2009-12-20 15:56 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-12-20 10:54 . 2009-12-22 09:46 -------- d-----w- c:\programdata\Xfire
2009-12-20 10:54 . 2009-12-30 23:32 -------- d-----w- c:\users\zip911\AppData\Roaming\Xfire
2009-12-20 10:47 . 2009-12-20 10:47 -------- d-----w- c:\users\zip911\AppData\Roaming\teamspeak2
2009-12-19 11:16 . 2009-12-19 11:16 -------- d-----w- c:\program files\ESET
2009-12-11 17:24 . 2009-12-11 17:31 -------- d-----w- c:\users\zip911\AppData\Roaming\DAEMON Tools Lite
2009-12-11 17:24 . 2009-12-11 17:24 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-05 13:39 . 2009-12-05 13:59 -------- d-----w- c:\programdata\DVD Shrink
2009-12-05 13:39 . 2009-12-05 13:39 -------- d-----w- c:\program files\DVD Shrink
2009-12-05 13:25 . 2009-12-05 13:30 -------- d-----w- c:\users\zip911\AppData\Roaming\BSplayer PRO
2009-12-05 13:25 . 2009-12-05 13:31 -------- d-----w- c:\program files\Webteh

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 15:31 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-01-01 15:31 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2009-12-22 12:53 . 2009-10-24 17:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 15:56 . 2009-10-24 17:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 11:01 . 2009-11-21 22:00 -------- d-----w- c:\users\zip911\AppData\Roaming\Ahead
2009-12-06 11:01 . 2009-11-21 22:00 -------- d-----w- c:\programdata\Ahead
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-22 12:45 . 2009-11-21 20:20 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-11-22 09:39 . 2009-11-22 09:39 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 22:00 . 2009-11-21 21:59 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-21 21:59 . 2009-11-21 21:59 -------- d-----w- c:\programdata\Nero
2009-11-21 21:59 . 2009-11-21 21:59 -------- d-----w- c:\program files\Nero
2009-11-21 21:48 . 2009-10-31 13:28 63872 ----a-w- c:\users\zip911\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 20:47 . 2009-11-21 20:47 -------- d-----w- c:\users\zip911\AppData\Roaming\GHISLER
2009-11-20 14:21 . 2009-11-20 14:21 -------- d-----w- c:\users\zip911\AppData\Roaming\VitySoft
2009-11-20 14:20 . 2009-11-20 14:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 14:20 . 2009-11-20 14:20 -------- d-----w- c:\program files\Java
2009-11-16 08:06 . 2009-11-16 08:06 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-15 21:29 . 2009-11-15 21:29 1002096 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
2009-11-13 16:49 . 2009-11-13 16:49 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-08 19:47 . 2009-11-08 19:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-06 21:35 . 2009-11-06 21:34 -------- d-----w- c:\users\zip911\AppData\Roaming\Zoner
2009-11-06 21:34 . 2009-11-06 21:34 -------- d-----w- c:\program files\Zoner
2009-11-06 19:04 . 2009-11-06 19:04 0 ----a-w- c:\windows\nsreg.dat
2009-11-06 19:04 . 2009-11-06 19:04 -------- d-----w- c:\users\zip911\AppData\Roaming\Thunderbird
2009-11-06 19:04 . 2009-11-06 19:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-06 18:58 . 2009-11-06 18:58 -------- d-----w- c:\program files\Microsoft.NET
2009-11-02 19:42 . 2009-10-24 00:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-26 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 18:00 . 2009-10-30 21:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2009-07-14 01:26 . 1B650281599524CBCD30FD93BC6AA9E3 . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-30 122880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [16.11.2009 9:06 95896]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.10.2009 18:24 222968]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [17.12.2009 17:04 185640]
S3 SaiH0464;SaiH0464;c:\windows\System32\drivers\SaiH0464.sys [1.5.2007 15:37 132232]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13.7.2009 23:02 311296]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-01 16:46:29
ComboFix-quarantined-files.txt 2010-01-01 15:46

Před spuštěním: Volných bajtů: 61 103 931 392
Po spuštění: Volných bajtů: 61 044 576 256

- - End Of File - - 209B41C315AA4ADC9368C4F2E1BA8A3C

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: One log - OLMARIK virus, DAEMON is probably responsible

#8 Post by motji »

:arrow: Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to the desktop and run it.
- copy the following into the box

Code:

:filefind
atapi.sys
- click Look; a scan runs and at the end a log is displayed; copy its contents here

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

Re: One log - OLMARIK virus, DAEMON is probably responsible

#9 Post by zip911 »

..here is the log from SystemLook.....


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:10 on 01/01/2010 by zip911 (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\System32\drivers\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] (Unable to calculate MD5)
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E

-=End Of File=-
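The SystemLook result above is the kind of output a helper reads by eye: the two servicing copies in DriverStore and winsxs carry the same MD5, while the copy in System32\drivers that the kernel actually loads could not be hashed at all. As an added example (not part of this thread, and not SystemLook's or ComboFix's own code), here is a small Python parser that reads ":filefind" result lines and gives each live driver a verdict relative to the reference copies; the names SAMPLE_LOG, parse_filefind, assess and the verdict labels are my own, and the sample input is the log posted above embedded verbatim.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input, copied from the SystemLook ":filefind atapi.sys" log posted
# above and embedded here so the example runs offline.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:10 on 01/01/2010 by zip911 (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\System32\drivers\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] (Unable to calculate MD5)
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E

-=End Of File=-
"""

# One ":filefind" result line: path, attribute flags, size, two timestamps
# and either a 32-hex-digit MD5 or SystemLook's "unable" marker.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]*)\]\s+\[(?P<modified>[^\]]*)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)


@dataclass
class FileHit:
    path: str
    size: int
    md5: Optional[str]  # None when SystemLook could not read the file


def parse_filefind(log: str) -> List[FileHit]:
    """Extract the result lines of a ':filefind' section; other lines are ignored."""
    hits: List[FileHit] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("md5")
        md5 = None if raw.startswith("(") else raw.upper()
        hits.append(FileHit(m.group("path"), int(m.group("size")), md5))
    return hits


def is_live_driver(path: str) -> bool:
    """The copy the kernel actually loads lives under System32\\drivers."""
    return "\\system32\\drivers\\" in path.lower()


def is_reference_copy(path: str) -> bool:
    """DriverStore and winsxs hold the servicing copies used as reference."""
    p = path.lower()
    return "\\driverstore\\filerepository\\" in p or "\\winsxs\\" in p


def assess(hits: List[FileHit]) -> Dict[str, str]:
    """Give each live driver a verdict relative to the reference copies.

    UNREADABLE         the tool could not hash the live file; needs a look
    NO_REFERENCE       nothing to compare against
    MATCHES_REFERENCE  hash and size agree with a servicing copy
    MISMATCH           live file differs from every servicing copy
    """
    refs = {(h.md5, h.size) for h in hits if is_reference_copy(h.path) and h.md5}
    verdicts: Dict[str, str] = {}
    for h in hits:
        if not is_live_driver(h.path):
            continue
        if h.md5 is None:
            verdicts[h.path] = "UNREADABLE"
        elif not refs:
            verdicts[h.path] = "NO_REFERENCE"
        elif (h.md5, h.size) in refs:
            verdicts[h.path] = "MATCHES_REFERENCE"
        else:
            verdicts[h.path] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    for path, verdict in assess(parse_filefind(SAMPLE_LOG)).items():
        print(f"{verdict:18} {path}")
```

On the log above this yields UNREADABLE for C:\Windows\System32\drivers\atapi.sys, which is exactly the condition the helper acted on in the next post by restoring the DriverStore copy; the script itself only reads the log and changes nothing on the system. A MISMATCH verdict (same size, different hash) is the other case worth escalating, since a driver patched in place typically keeps its size and timestamps.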

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: One log - OLMARIK virus, DAEMON is probably responsible

#10 Post by motji »

:arrow: If it isn't there already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

FCOPY::
c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys | c:\windows\System32\drivers\atapi.sys

- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button, drag it onto the ComboFix icon and drop it there:

- after it runs, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

zip911
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 16 srp 2005 17:22
Kontaktovat uživatele:

Re: One log - OLMARIK virus, DAEMON is probably to blame

#11 Post by zip911 »

...here is another log from combofix...


ComboFix 09-12-31.A1 - zip911 01.01.2010 20:46:42.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1285 [GMT 1:00]
Spuštěný z: c:\users\zip911\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\zip911\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 19:50 . 2010-01-01 19:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-01 19:50 . 2010-01-01 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-01 15:55 . 2010-01-01 15:55 -------- d-----w- c:\users\zip911\AppData\Local\ElevatedDiagnostics
2009-12-30 11:47 . 2009-12-30 11:47 -------- d-----w- c:\program files\CCleaner
2009-12-30 11:33 . 2009-12-31 11:57 -------- d-----w- c:\program files\trend micro
2009-12-30 11:33 . 2009-12-30 11:33 -------- d-----w- C:\rsit
2009-12-27 10:08 . 2009-12-27 10:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-25 20:18 . 2009-12-25 20:18 -------- d-----w- C:\Games
2009-12-22 20:46 . 2009-12-22 20:46 87137 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{F70387A5-E8F1-045C-E250-D8F1F9716B32}-uninstall.exe
2009-12-22 18:36 . 2009-12-22 18:36 -------- d-----w- c:\users\zip911\AppData\Roaming\TeamViewer
2009-12-22 18:35 . 2009-12-22 18:35 -------- d-----w- c:\program files\TeamViewer
2009-12-22 18:35 . 2009-12-22 18:35 -------- d-----w- c:\users\zip911\temp
2009-12-22 17:30 . 2009-12-22 17:30 -------- d-----w- c:\programdata\Saitek
2009-12-22 17:30 . 2009-12-22 17:30 -------- d-----w- c:\program files\Saitek
2009-12-22 12:46 . 2009-12-25 15:34 -------- d-----w- C:\IL-2 Sturmovik 1946
2009-12-20 15:57 . 2001-05-04 16:05 505104 ----a-r- c:\windows\system32\msxml.dll
2009-12-20 15:57 . 2002-10-17 15:35 26096 ----a-r- c:\windows\system32\xmlinst.exe
2009-12-20 15:57 . 2002-01-07 21:30 24576 ----a-r- c:\windows\system32\msxml3a.dll
2009-12-20 15:57 . 2001-05-04 16:05 28432 ----a-r- c:\windows\system32\msxmlr.dll
2009-12-20 15:57 . 2000-03-17 13:21 36864 ----a-r- c:\windows\system32\xmlparse.dll
2009-12-20 15:57 . 2000-03-17 13:21 69632 ----a-r- c:\windows\system32\xmltok.dll
2009-12-20 15:57 . 1998-06-18 05:00 89360 ----a-r- c:\windows\system32\VB5DB.DLL
2009-12-20 15:57 . 2009-12-20 15:57 -------- d-----w- c:\users\zip911\AppData\Roaming\ubi.com
2009-12-20 15:57 . 2001-07-30 17:03 185344 ----a-w- c:\windows\patchw32.dll
2009-12-20 15:56 . 2009-12-20 15:56 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-12-20 10:54 . 2009-12-22 09:46 -------- d-----w- c:\programdata\Xfire
2009-12-20 10:54 . 2009-12-30 23:32 -------- d-----w- c:\users\zip911\AppData\Roaming\Xfire
2009-12-20 10:47 . 2009-12-20 10:47 -------- d-----w- c:\users\zip911\AppData\Roaming\teamspeak2
2009-12-19 11:16 . 2009-12-19 11:16 -------- d-----w- c:\program files\ESET
2009-12-11 17:24 . 2009-12-11 17:31 -------- d-----w- c:\users\zip911\AppData\Roaming\DAEMON Tools Lite
2009-12-11 17:24 . 2009-12-11 17:24 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-05 13:39 . 2009-12-05 13:59 -------- d-----w- c:\programdata\DVD Shrink
2009-12-05 13:39 . 2009-12-05 13:39 -------- d-----w- c:\program files\DVD Shrink
2009-12-05 13:25 . 2009-12-05 13:30 -------- d-----w- c:\users\zip911\AppData\Roaming\BSplayer PRO
2009-12-05 13:25 . 2009-12-05 13:31 -------- d-----w- c:\program files\Webteh

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 15:31 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-01-01 15:31 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2009-12-22 12:53 . 2009-10-24 17:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 15:56 . 2009-10-24 17:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 11:01 . 2009-11-21 22:00 -------- d-----w- c:\users\zip911\AppData\Roaming\Ahead
2009-12-06 11:01 . 2009-11-21 22:00 -------- d-----w- c:\programdata\Ahead
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-22 12:45 . 2009-11-21 20:20 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-11-22 09:39 . 2009-11-22 09:39 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 22:00 . 2009-11-21 21:59 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-21 21:59 . 2009-11-21 21:59 -------- d-----w- c:\programdata\Nero
2009-11-21 21:59 . 2009-11-21 21:59 -------- d-----w- c:\program files\Nero
2009-11-21 21:48 . 2009-10-31 13:28 63872 ----a-w- c:\users\zip911\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 20:47 . 2009-11-21 20:47 -------- d-----w- c:\users\zip911\AppData\Roaming\GHISLER
2009-11-20 14:21 . 2009-11-20 14:21 -------- d-----w- c:\users\zip911\AppData\Roaming\VitySoft
2009-11-20 14:20 . 2009-11-20 14:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 14:20 . 2009-11-20 14:20 -------- d-----w- c:\program files\Java
2009-11-16 08:06 . 2009-11-16 08:06 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-15 21:29 . 2009-11-15 21:29 1002096 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
2009-11-13 16:49 . 2009-11-13 16:49 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-08 19:47 . 2009-11-08 19:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-06 21:35 . 2009-11-06 21:34 -------- d-----w- c:\users\zip911\AppData\Roaming\Zoner
2009-11-06 21:34 . 2009-11-06 21:34 -------- d-----w- c:\program files\Zoner
2009-11-06 19:04 . 2009-11-06 19:04 0 ----a-w- c:\windows\nsreg.dat
2009-11-06 19:04 . 2009-11-06 19:04 -------- d-----w- c:\users\zip911\AppData\Roaming\Thunderbird
2009-11-06 19:04 . 2009-11-06 19:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-06 18:58 . 2009-11-06 18:58 -------- d-----w- c:\program files\Microsoft.NET
2009-11-02 19:42 . 2009-10-24 00:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-26 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 18:00 . 2009-10-30 21:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-30 122880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [16.11.2009 9:06 95896]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.10.2009 18:24 222968]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [17.12.2009 17:04 185640]
R3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13.7.2009 23:02 311296]
S3 SaiH0464;SaiH0464;c:\windows\System32\drivers\SaiH0464.sys [1.5.2007 15:37 132232]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-01 20:51:43
ComboFix-quarantined-files.txt 2010-01-01 19:51
ComboFix2.txt 2010-01-01 15:46

Před spuštěním: Volných bajtů: 60 602 982 400
Po spuštění: Volných bajtů: 60 542 578 688

- - End Of File - - DD05172D15E905A1ED1C83A3B9130740

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: One log - OLMARIK virus, DAEMON is probably to blame

#12 Post by motji »

Is NOD still reporting anything? I'd ask for a new log from GMER :)

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

Re: One log - OLMARIK virus, DAEMON is probably to blame

#13 Post by zip911 »

..when I was making the last log from combofix, the window with the infected file still popped up. That was the last time so far that NOD showed this message.

1st log from GMER.....

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-01 21:12:23
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\zip911\AppData\Local\Temp\fxldqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:248] 86545930

---- EOF - GMER 1.0.15 ----

zip911
Visitor
Posts: 33
Registered: 16 Aug 2005 17:22

Re: One log - OLMARIK virus, DAEMON is probably to blame

#14 Post by zip911 »

first half of the 2nd log from GMER...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-01 21:18:04
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\zip911\AppData\Local\Temp\fxldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x01 ? 96F0B2A4
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834162D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83415898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83046579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8306AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 950A3C9D 28 Bytes [C4, A9, 43, 98, 70, E2, 61, ...]
.text peauth.sys 950A3CC1 28 Bytes [C4, A9, 43, 98, 70, E2, 61, ...]
? C:\Users\zip911\AppData\Local\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 75B03142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CreateDialogParamW 76339BFF 5 Bytes JMP 6DDEC2C8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!EnableWindow 7633A72E 5 Bytes JMP 6DDEC243 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!GetAsyncKeyState 7633C09A 5 Bytes JMP 6DDAD6D1 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!UnhookWindowsHookEx 7633CC7B 5 Bytes JMP 6DEA7E18 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CallNextHookEx 7633CC8F 5 Bytes JMP 6DE894EC C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CreateWindowExW 76340E51 5 Bytes JMP 6DE97AA7 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!SetWindowsHookExW 7634210A 5 Bytes JMP 6DE44243 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!GetKeyState 76344FDA 5 Bytes JMP 6DDED47E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!IsDialogMessageW 76346F06 5 Bytes JMP 6DDB3FE8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CreateDialogParamA 76353E79 5 Bytes JMP 6DFE61B3 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!IsDialogMessage 7635407A 5 Bytes JMP 6DFE5BBF C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CreateDialogIndirectParamA 76359110 5 Bytes JMP 6DFE61EA C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CreateDialogIndirectParamW 763608AD 5 Bytes JMP 6DFE6221 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!DialogBoxIndirectParamW 76364AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!DialogBoxIndirectParamW 76364AA7 5 Bytes JMP 6DFE58AB C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!EndDialog 7636555C 5 Bytes JMP 6DDB5873 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!DialogBoxParamW 7636564A 5 Bytes JMP 6DDB490B C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!SetKeyboardState 76366B52 5 Bytes JMP 6DFE5F24 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!SendInput 76367055 5 Bytes JMP 6DFE68A0 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!DialogBoxParamA 7637CF6A 5 Bytes JMP 6DFE5848 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!DialogBoxIndirectParamA 7637D29C 5 Bytes JMP 6DFE590E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!MessageBoxIndirectA 7638E8C9 5 Bytes JMP 6DFE57DD C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!MessageBoxIndirectW 7638E9C3 5 Bytes JMP 6DFE5772 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!MessageBoxExA 7638EA29 5 Bytes JMP 6DFE5710 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!MessageBoxExW 7638EA4D 5 Bytes JMP 6DFE56AE C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!keybd_event 7638EC9B 5 Bytes JMP 6DFE6AD3 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] SHELL32.dll!SHChangeNotification_Lock + 45BE 7673B3D8 4 Bytes [11, 36, 66, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] SHELL32.dll!SHChangeNotification_Lock + 45C6 7673B3E0 8 Bytes [5F, 35, 66, 71, D0, 73, 65, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] ole32.dll!OleLoadFromStream 761D5B88 5 Bytes JMP 6DFE5B74 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] ole32.dll!CoCreateInstance 762257FC 5 Bytes JMP 6DE98595 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Instalace\Xfire\xfire.exe[2800] kernel32.dll!CreateProcessA 75AB2062 5 Bytes JMP 059DBD2B C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] kernel32.dll!CreateThread 75B027FD 5 Bytes JMP 059DB6CF C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] GDI32.dll!BitBlt 75EA7180 5 Bytes JMP 059DB147 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!InvalidateRgn 76338099 5 Bytes JMP 059DB32D C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!CreateDialogParamW 76339BFF 5 Bytes JMP 059DB81A C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!GetCursorPos 7633C198 5 Bytes JMP 059DB463 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!SetFocus 7633CBA9 5 Bytes JMP 059DB1F7 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!SetForegroundWindow 7633D3AE 5 Bytes JMP 059DB968 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!RegisterClassA 7633E225 5 Bytes JMP 059DB637 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!CreateWindowExW 76340E51 5 Bytes JMP 059DBA00 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!SetWindowPos 76343581 5 Bytes JMP 059DB8BE C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!RedrawWindow 763452A2 5 Bytes JMP 059DB596 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!IsWindowVisible 76346939 7 Bytes JMP 059DBAB9 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!GetDC 76347041 5 Bytes JMP 059DB018 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!ReleaseDC 76347055 5 Bytes JMP 059DB0AC C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!BeginPaint 76347B87 5 Bytes JMP 059DAF84 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!InvalidateRect 76347BC9 5 Bytes JMP 059DB28F C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!TrackPopupMenu 76364B3B 5 Bytes JMP 059DBC81 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!DialogBoxParamW 7636564A 5 Bytes JMP 059DB776 C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!SetCapture 76366B2A 5 Bytes JMP 059DB3CB C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Instalace\Xfire\xfire.exe[2800] USER32.dll!WindowFromPoint 76366D0C 5 Bytes JMP 059DB4FB C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CreateWindowExW 76340E51 5 Bytes JMP 6DE97AA7 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 76364AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 76364AA7 5 Bytes JMP 6DFE58AB C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamW 7636564A 5 Bytes JMP 6DDB490B C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamA 7637CF6A 5 Bytes JMP 6DFE5848 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamA 7637D29C 5 Bytes JMP 6DFE590E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectA 7638E8C9 5 Bytes JMP 6DFE57DD C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectW 7638E9C3 5 Bytes JMP 6DFE5772 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExA 7638EA29 5 Bytes JMP 6DFE5710 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExW 7638EA4D 5 Bytes JMP 6DFE56AE C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ole32.dll!OleLoadFromStream 761D5B88 5 Bytes JMP 6DFE5B74 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateDialogParamW 76339BFF 5 Bytes JMP 6DDEC2C8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!EnableWindow 7633A72E 5 Bytes JMP 6DDEC243 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!GetAsyncKeyState 7633C09A 5 Bytes JMP 6DDAD6D1 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!UnhookWindowsHookEx 7633CC7B 5 Bytes JMP 6DEA7E18 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CallNextHookEx 7633CC8F 5 Bytes JMP 6DE894EC C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateWindowExW 76340E51 5 Bytes JMP 6DE97AA7 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!SetWindowsHookExW 7634210A 5 Bytes JMP 6DE44243 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!GetKeyState 76344FDA 5 Bytes JMP 6DDED47E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!IsDialogMessageW 76346F06 5 Bytes JMP 6DDB3FE8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateDialogParamA 76353E79 5 Bytes JMP 6DFE61B3 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!IsDialogMessage 7635407A 5 Bytes JMP 6DFE5BBF C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateDialogIndirectParamA 76359110 5 Bytes JMP 6DFE61EA C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateDialogIndirectParamW 763608AD 5 Bytes JMP 6DFE6221 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamW 76364AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamW 76364AA7 5 Bytes JMP 6DFE58AB C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!EndDialog 7636555C 5 Bytes JMP 6DDB5873 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamW 7636564A 5 Bytes JMP 6DDB490B C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!SetKeyboardState 76366B52 5 Bytes JMP 6DFE5F24 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!SendInput 76367055 5 Bytes JMP 6DFE68A0 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamA 7637CF6A 5 Bytes JMP 6DFE5848 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamA 7637D29C 5 Bytes JMP 6DFE590E C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectA 7638E8C9 5 Bytes JMP 6DFE57DD C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectW 7638E9C3 5 Bytes JMP 6DFE5772 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExA 7638EA29 5 Bytes JMP 6DFE5710 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExW 7638EA4D 5 Bytes JMP 6DFE56AE C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!keybd_event 7638EC9B 5 Bytes JMP 6DFE6AD3 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] SHELL32.dll!SHChangeNotification_Lock + 45BE 7673B3D8 4 Bytes [11, 36, 66, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] SHELL32.dll!SHChangeNotification_Lock + 45C6 7673B3E0 8 Bytes [5F, 35, 66, 71, D0, 73, 65, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!OleLoadFromStream 761D5B88 5 Bytes JMP 6DFE5B74 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!CoCreateInstance 762257FC 5 Bytes JMP 6DE98595 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
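
To make a long "User code sections" list like the one above easier to read, here is an added Python script (written for this thread; not from GMER or from any poster) that parses those lines, tallies them per process, target module and verdict, and flags only the JMP hooks whose target module is not from a vendor on an assumed allow-list. The allow-list (Microsoft, ESET, Xfire, i.e. the browser's own IEFRAME.dll, the AV's self-protection and the game overlay seen in the log) is an assumption for this particular machine, as is the way a module with no version information is printed; the last sample line with its EXAMPLE_unknown.dll path and addresses is constructed to exercise that path, while the other sample lines are copied from the log above.

```python
"""Triage the "User code sections" of a GMER log: which in-process hooks point where."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample input. The first five lines are copied from the GMER log above; the
# last line is made up (function, addresses and path are placeholders) to show how a
# hook into a module with no vendor string is reported.
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 75B03142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!CreateDialogParamW 76339BFF 5 Bytes JMP 6DDEC2C8 C:\Windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] USER32.dll!DialogBoxIndirectParamW 76364AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] SHELL32.dll!SHChangeNotification_Lock + 45BE 7673B3D8 4 Bytes [11, 36, 66, 71]
.text C:\Instalace\Xfire\xfire.exe[2800] kernel32.dll!CreateProcessA 75AB2062 5 Bytes JMP 059DBD2B C:\Instalace\Xfire\xfire_toucan_40405.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1836] WS2_32.dll!send 76A01234 5 Bytes JMP 10001A20 C:\Users\Public\EXAMPLE_unknown.dll
"""

HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?\.exe)\[(?P<pid>\d+)\] (?P<symbol>\S+(?: \+ [0-9A-F]+)?) "
    r"(?P<address>[0-9A-F]{8}) (?P<length>\d+) Bytes? (?P<rest>.+)$"
)

# Assumption: vendors whose in-process hooks are expected on this machine (the browser's
# own IEFRAME.dll, the AV's self-protection, the game overlay). Anything else is reviewed.
TRUSTED_VENDORS = {"Microsoft Corporation", "ESET", "Xfire Inc."}


def parse_hook(line):
    """Return one hook record, or None for lines that are not hook entries."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    rest = hook.pop("rest")
    hook.update(kind="patch", target=None, module=None, vendor=None)
    if rest.startswith("JMP "):
        # "JMP <addr> <module path> (<description>/<vendor>)"; the parenthesised part
        # may be absent, which this example treats as an unknown vendor.
        parts = rest.split(" ", 2)
        target = parts[1]
        tail = parts[2] if len(parts) > 2 else ""
        module, sep, paren = tail.rpartition(" (")
        if not sep:
            module, vendor = tail, ""
        else:
            vendor = paren.rstrip(")").rpartition("/")[2]
        hook.update(kind="jmp", target=target, module=module, vendor=vendor)
    return hook


def classify(hook):
    """Verdict for one hook: expected, needs review, or an inline byte patch."""
    if hook["kind"] != "jmp":
        return "inline-patch"
    if hook["vendor"] in TRUSTED_VENDORS:
        return "expected-hook"
    return "review-unknown-target"


def triage(text):
    """Parse every hook line and attach a verdict."""
    hooks = []
    for line in text.splitlines():
        hook = parse_hook(line)
        if hook:
            hook["verdict"] = classify(hook)
            hooks.append(hook)
    return hooks


def flagged(hooks):
    """Only the hooks a human should look at."""
    return [h for h in hooks if h["verdict"] == "review-unknown-target"]


def summarize(hooks):
    """Count hooks per (process, target module, verdict) so a long log collapses."""
    return Counter(
        (PureWindowsPath(h["process"]).name,
         PureWindowsPath(h["module"]).name if h["module"] else "<inline>",
         h["verdict"])
        for h in hooks
    )


if __name__ == "__main__":
    hooks = triage(SAMPLE_GMER)
    for key, n in sorted(summarize(hooks).items()):
        print(f"{n:3}  {key[0]:14} -> {key[1]:26} {key[2]}")
    for h in flagged(hooks):
        print("REVIEW:", h["process"], h["symbol"], "->", h["module"])
```

Inline byte patches (the ESET self-protection entry and the SHELL32 data bytes in the log) are listed separately rather than judged, since the bytes alone do not say who wrote them; the summary is what lets you see at a glance that the dozens of iexplore.exe entries above all land in the same Microsoft module.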

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: One log - OLMARIK virus, DAEMON is probably to blame

#15 Post by motji »

If it was while it was deleting it, that is possible :), but now it should be ok
