PC virus removal, computer speed-up, remote help via the neslape.cz service

log check

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz

Bublik
Guest
Posts: 7
Registered: 20 Jan 2010 09:24

log check

#1 Post by Bublik »

This post has a black dot next to it in the forum; I don't know what it is, I probably did something wrong. If you explain it to me, I'll do better.

Hello, please check my GMER log, or advise me how to proceed with the following problem.
After roughly 20 minutes the text under the desktop icons disappears or becomes blurred. Then, instead of icons and the other dialogs shown when closing open programs, only white rectangles are displayed. It is the same when shutting down via the Start menu; I shut down or restart from memory. It does not respond to the shutdown or restart command anyway and I have to hard-power it off with the switch.
HijackThis is clean, as is mwav. Avast finds nothing, nor do Spyware Doctor and Spyware Terminator.
Thanks for the help

log1:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-01-20 09:47:13
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E6D4FE]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E78CB0]

---- Devices - GMER 1.0.15 ----

Device 89DCB1F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Modules - GMER 1.0.15 ----

Module _________ B9DCF000-B9DE7000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

log2:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-01-20 13:39:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAB4C56B8]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwCreateKey [0xB9D6782E]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xB9E6CC70]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9D81282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9D81474]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteKey [0xB9D6853A]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteValueKey [0xB9D67F4E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAB4C514C]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E6D4FE]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E78CB0]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwOpenKey [0xB9D67ACC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAB4C508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAB4C50F0]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xB9E6D51E]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwQueryValueKey [0xB9D67D52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9D93422]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAB4C572E]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xB9E78450]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwSetValueKey [0xB9D682CA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9D80F32]

INT 0x63 ? 89D5DBF8
INT 0x63 ? 89D5DBF8
INT 0x63 ? 89D5DBF8
INT 0x63 ? 89D5DBF8
INT 0x63 ? 89AF0BF8
INT 0x63 ? 89D5DBF8
INT 0x83 ? 89D5DBF8
INT 0x83 ? 89D5DBF8
INT 0x83 ? 89AF0BF8
INT 0x83 ? 89D5DBF8
INT 0x84 ? 89AF0BF8
INT 0xA4 ? 89AF0BF8
INT 0xA4 ? 89AF0BF8
INT 0xA4 ? 89AF0BF8
INT 0xA4 ? 89AF0BF8
INT 0xB4 ? 89AF0BF8

---- Kernel code sections - GMER 1.0.15 ----

? speo.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B907B8AC 5 Bytes JMP 89AF01D8
.text awz6t687.SYS B8F71384 1 Byte [20]
.text awz6t687.SYS B8F71384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text awz6t687.SYS B8F713AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text awz6t687.SYS B8F713C4 3 Bytes [00, 00, 00]
.text awz6t687.SYS B8F713C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] speo.sys
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device 89DCB1F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 89AEE1F8
Device \Driver\sptd \Device\1074650142 speo.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DCD1F8
Device \Driver\usbuhci \Device\USBPDO-1 89AEE1F8
Device \Driver\usbuhci \Device\USBPDO-2 89AEE1F8
Device \Driver\usbehci \Device\USBPDO-3 89AC6500
Device \Driver\usbuhci \Device\USBPDO-4 89AEE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{339E23C4-64DB-4036-9C25-4DBE3B205913} 897C9500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 89AEE1F8
Device \Driver\usbuhci \Device\USBPDO-6 89AEE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89D5E1F8
Device \Driver\usbehci \Device\USBPDO-7 89AC6500
Device \Driver\Cdrom \Device\CdRom0 89754220
Device \FileSystem\Rdbss \Device\FsWrap 89B88678
Device \Driver\Cdrom \Device\CdRom1 89754220
Device \Driver\atapi \Device\Ide\IdePort0 8976D3C8
Device \Driver\atapi \Device\Ide\IdePort1 8976D3C8
Device \Driver\atapi \Device\Ide\IdePort2 8976D3C8
Device \Driver\atapi \Device\Ide\IdePort3 8976D3C8
Device \Driver\atapi \Device\Ide\IdePort4 8976D3C8
Device \Driver\atapi \Device\Ide\IdePort5 8976D3C8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-14 8976D3C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 8976D3C8
Device \Driver\Cdrom \Device\CdRom2 89754220
Device \Driver\Cdrom \Device\CdRom3 89754220
Device \Driver\Cdrom \Device\CdRom4 89754220
Device \Driver\Cdrom \Device\CdRom5 89754220
Device \Driver\NetBT \Device\NetBt_Wins_Export 897C9500
Device \Driver\Cdrom \Device\CdRom6 89754220
Device \Driver\NetBT \Device\NetbiosSmb 897C9500
Device \FileSystem\Srv \Device\LanmanServer 88B828C0
Device \Driver\PCI_PNP3892 \Device\0000004f speo.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 89AEE1F8
Device \Driver\usbuhci \Device\USBFDO-1 89AEE1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88BF9500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89BBAFB0
Device \Driver\usbuhci \Device\USBFDO-2 89AEE1F8
Device 88BF9500
Device 89BBAFB0
Device \Driver\usbehci \Device\USBFDO-3 89AC6500
Device \FileSystem\Npfs \Device\NamedPipe 89C46120
Device \Driver\usbuhci \Device\USBFDO-4 89AEE1F8
Device \Driver\Ftdisk \Device\FtControl 89D5E1F8
Device \FileSystem\Msfs \Device\Mailslot 899CDF70
Device \Driver\usbuhci \Device\USBFDO-5 89AEE1F8
Device \Driver\usbuhci \Device\USBFDO-6 89AEE1F8
Device \Driver\usbehci \Device\USBFDO-7 89AC6500
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target5Lun0 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target3Lun0 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target0Lun0 89085460
Device \Driver\vax347s \Device\Scsi\vax347s1 89DCC1F8
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target4Lun0 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target2Lun0 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target1Lun0 89085460
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89B9B2A8
Device 89AB0FB0
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module _________ B9DCF000-B9DE7000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9C 0x18 0x4E 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB7 0x2D 0xAE 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x12 0x46 0xF6 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xCC 0x74 0x25 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x26 0x6D 0x13 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x79 0xD2 0xF6 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x95 0xA5 0x76 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC2 0xAF 0x41 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg43@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg43@ljej40 0xBB 0x2B 0x02 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg44@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg44@ljej40 0xBB 0x2B 0x02 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg45@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg45@ljej40 0xB8 0x2B 0x02 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9C 0x18 0x4E 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB7 0x2D 0xAE 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x12 0x46 0xF6 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xCC 0x74 0x25 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x26 0x6D 0x13 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x79 0xD2 0xF6 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x95 0xA5 0x76 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC2 0xAF 0x41 0xA8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32@oacadfciennjnmfnilkmecpjpajllj 0x6B 0x61 0x61 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32@nacajeidhhfnmllalgahnakicebm 0x6A 0x61 0x61 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
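The log above records, for every SSDT and IAT hook, the driver that installed it. As an added example (not code from the post or from GMER), here is a small Python triage parser for those line formats: it groups SSDT hooks by driver, flags drivers whose vendor field is blank and drivers whose file GMER could not open, and lists IAT redirections. The embedded sample log is a constructed excerpt in the same layout as the log above; the flags are prompts for manual review, not verdicts, since security products in this very log (avast!, COMODO, PC Tools) hook the same tables.

```python
import re
from collections import defaultdict

# Constructed excerpt in GMER 1.0.15 format (a few lines per section, same
# layout as the log in the thread). The '?' line carries the localised
# Windows message for "The system cannot find the file specified".
SAMPLE_LOG = r"""GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-01-20 13:39:10

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAB4C56B8]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwCreateKey [0xB9D6782E]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E6D4FE]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E78CB0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9D80F32]

---- Kernel code sections - GMER 1.0.15 ----

? speo.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B907B8AC 5 Bytes JMP 89AF01D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] speo.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
"""

# SSDT <driver> (<description>/<vendor>) <ZwFunction> [0x<address>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+\((?P<info>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$")
# IAT <process>[<pid>] @ <module> [<lib>!<import>] <target>   (user-mode form)
USER_IAT_RE = re.compile(r"^IAT\s+\S+\[\d+\]\s+@\s+(?P<module>\S+)\s+\[(?P<import>[^\]]+)\]\s+(?P<target>\S+)$")
# IAT <module>[<lib>!<import>] <target>                       (kernel form)
KERNEL_IAT_RE = re.compile(r"^IAT\s+(?P<module>\S+?)\[(?P<import>[^\]]+)\]\s+(?P<target>.+)$")
# ? <driver> <message> !   -> GMER could not open the file of a hooking driver
MISSING_RE = re.compile(r"^\?\s+(?P<driver>\S+)\s+.*!$")


def basename(path):
    """Lower-cased file name of a Windows path (last backslash-separated part)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Group the hook lines of a GMER log by the driver that installed them."""
    ssdt = defaultdict(list)   # driver -> hooked Zw* functions, in log order
    vendors = {}               # driver -> vendor string from the parentheses
    iat, missing = [], []      # (scope, module, import, target); drivers not on disk
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            drv = basename(m.group("driver"))
            ssdt[drv].append(m.group("func"))
            # info is "<description>/<vendor>"; the vendor part may be blank
            vendors[drv] = m.group("info").rsplit("/", 1)[-1].strip()
        elif m := USER_IAT_RE.match(line):
            iat.append(("user", basename(m.group("module")), m.group("import"), m.group("target")))
        elif m := KERNEL_IAT_RE.match(line):
            iat.append(("kernel", basename(m.group("module")), m.group("import"), m.group("target").strip()))
        elif m := MISSING_RE.match(line):
            missing.append(basename(m.group("driver")))
    return {
        "ssdt": dict(ssdt),
        "vendors": vendors,
        # drivers that hook the SSDT but carry no vendor string: review by hand
        "no_vendor": sorted(d for d, v in vendors.items() if not v),
        "iat": iat,
        "missing": missing,
    }


def summarize(triage):
    """One human-readable line per SSDT-hooking driver, then the review flags."""
    lines = []
    for drv, funcs in sorted(triage["ssdt"].items()):
        vendor = triage["vendors"].get(drv) or "<no vendor string>"
        lines.append(f"{drv}: {len(funcs)} SSDT hook(s) [{vendor}]: {', '.join(funcs)}")
    for drv in triage["no_vendor"]:
        lines.append(f"FLAG {drv}: hooks the SSDT but carries no vendor string")
    for drv in triage["missing"]:
        lines.append(f"FLAG {drv}: GMER could not find this driver's file on disk")
    for scope, module, imp, target in triage["iat"]:
        lines.append(f"IAT ({scope}) {module} {imp} -> {target}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_gmer(SAMPLE_LOG))))
```

Device, Reg and INT lines are deliberately ignored; they carry no driver-to-hook attribution that this grouping could use.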

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode or disable it completely for the duration of the scan, because scanning and removing any malware causes unwanted collisions with the resident antispyware
btw: you will find the black dot next to topics you have posted in. It is not a problem at all. :)
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Bublik
Guest
Posts: 7
Registered: 20 Jan 2010 09:24

Re: log check

#3 Post by Bublik »

Bublik wrote: This post has a black dot next to it in the forum; I don't know what it is, I probably did something wrong. If you explain it to me, I'll do better.

Hello, please check my GMER log, or advise me how to proceed with the following problem.
After roughly 20 minutes the text under the desktop icons disappears or becomes blurred. Then, instead of icons and the other dialogs shown when closing open programs, only white rectangles are displayed. It is the same when shutting down via the Start menu; I shut down or restart from memory. It does not respond to the shutdown or restart command anyway and I have to hard-power it off with the switch.
HijackThis is clean, as is mwav. Avast finds nothing, nor do Spyware Doctor and Spyware Terminator.
Thanks for the help
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target4Lun0 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target2Lun0 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871 89085460
Device \Driver\awz6t687 \Device\Scsi\awz6t6871Port7Path0Target1Lun0 89085460
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89B9B2A8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89B9B2A8
Device 89AB0FB0
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module _________ B9DCF000-B9DE7000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9C 0x18 0x4E 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB7 0x2D 0xAE 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x12 0x46 0xF6 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xCC 0x74 0x25 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x26 0x6D 0x13 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x79 0xD2 0xF6 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x95 0xA5 0x76 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC2 0xAF 0x41 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg41@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg42@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg43@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg43@ljej40 0xBB 0x2B 0x02 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg44@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg44@ljej40 0xBB 0x2B 0x02 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg45@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg45@ljej40 0xB8 0x2B 0x02 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9C 0x18 0x4E 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB7 0x2D 0xAE 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x12 0x46 0xF6 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xCC 0x74 0x25 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x26 0x6D 0x13 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x79 0xD2 0xF6 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x95 0xA5 0x76 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC2 0xAF 0x41 0xA8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32@oacadfciennjnmfnilkmecpjpajllj 0x6B 0x61 0x61 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32@nacajeidhhfnmllalgahnakicebm 0x6A 0x61 0x61 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

I ran ComboFix according to the guide and got as far as - I don't know how to insert a photo, basically a blank white rectangle appeared over the desktop, no text at all; after a long time I clicked on it, everything disappeared and only the bare wallpaper was left. There was nothing for it but to restart. On the next start there was an option to boot the console it had created, then the computer came up, but I couldn't find the requested log anywhere - I probably don't know where to look. Should I run it again, or what?
Thanks
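Added example (editor's illustration, not code from the thread, the forum or GMER): a small Python triage helper for logs like the two posted here. It parses the SSDT, kernel IAT and user-mode IAT lines of a GMER 1.0.15 log, groups the SSDT hooks by the driver that installed them, and lists the entries that need an explanation before the machine can be called clean: a hooking driver with an empty company field (like "Plug and Play BIOS Extension/ " above), an import entry whose value is not a kernel address (like the 000000AD-style values for awz6t687.SYS), and a redirected import that GMER attributes to no module (like CreateProcessW in services.exe pointing at 003D0000). The sample input is excerpted from the log above; the 0x80000000 kernel boundary (32-bit XP booted without /3GB) and the wording of the findings are assumptions. The result is a list of things to investigate, not a verdict, since avast!, COMODO, PC Tools and disc-emulation drivers hook the same tables that rootkits do.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not code from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines excerpted from the log posted above, under GMER's own section headers.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAB4C56B8]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwCreateKey [0xB9D6782E]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E6D4FE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9D81282]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] speo.sys
IAT \SystemRoot\System32\Drivers\awz6t687.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- EOF - GMER 1.0.15 ----
"""

# SSDT line: "SSDT <driver> (<description>/<company>) <Zw function> [0x<address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# User-mode IAT line: "IAT <process>[<pid>] @ <module> [<dll>!<import>] <target>"
USER_IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)"
    r"\s+\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<rest>.+)$")
# Kernel IAT line: "IAT <driver>[<dll>!<import>] <target>"
KERNEL_IAT_RE = re.compile(
    r"^IAT\s+(?P<module>[^\[\s]+)\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<rest>.+)$")
# Target as GMER prints it: "[ADDR] module" when it attributes the address, a bare ADDR otherwise.
TARGET_RE = re.compile(
    r"^(?:\[(?P<addr>[0-9A-Fa-f]+)\]|(?P<bare>[0-9A-Fa-f]+))(?:\s+(?P<owner>\S.*))?$")

KERNEL_BASE = 0x80000000  # assumption: 32-bit XP without /3GB, as the log's "Windows 5.1.2600" suggests


@dataclass
class Hook:
    kind: str                      # "ssdt", "kernel_iat" or "user_iat"
    module: str                    # SSDT: the hooking driver; IAT: the module whose import table was patched
    func: str                      # hooked system service, or "dll!import"
    target: int                    # address the table entry now points at
    owner: Optional[str]           # module GMER attributes that address to, if it printed one
    vendor: Optional[str] = None   # company name from the driver's version resource (SSDT only)
    pid: Optional[int] = None      # process id (user-mode IAT only)


def _base(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _target(rest: str):
    t = TARGET_RE.match(rest)
    return (None, None) if not t else (int(t["addr"] or t["bare"], 16), t["owner"])


def parse_gmer(text: str) -> list:
    # Returns the hook entries of a log; Device, Reg and other line types are ignored.
    hooks = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SSDT_RE.match(line):
            vendor = None if m["vendor"] is None else m["vendor"].strip()
            hooks.append(Hook("ssdt", _base(m["module"]), m["func"], int(m["addr"], 16), None, vendor))
        elif m := USER_IAT_RE.match(line):
            target, owner = _target(m["rest"])
            if target is not None:
                hooks.append(Hook("user_iat", _base(m["module"]), f'{m["dll"]}!{m["func"]}',
                                  target, owner, pid=int(m["pid"])))
        elif m := KERNEL_IAT_RE.match(line):
            target, owner = _target(m["rest"])
            if target is not None:
                hooks.append(Hook("kernel_iat", _base(m["module"]), f'{m["dll"]}!{m["func"]}', target, owner))
    return hooks


def triage(text: str) -> dict:
    # Groups SSDT hooks by driver and lists entries to explain before the box is called clean.
    hooks = parse_gmer(text)
    ssdt_by_module = defaultdict(list)
    findings = []  # (module, reason): pointers for investigation, never verdicts
    for h in hooks:
        if h.kind == "ssdt":
            ssdt_by_module[h.module].append(h.func)
            if not h.vendor:  # empty company string, as in "(Plug and Play BIOS Extension/ )"
                findings.append((h.module, f"hooks {h.func} but carries no company name in its version resource"))
        elif h.kind == "kernel_iat" and h.target < KERNEL_BASE:
            findings.append((h.module, f"{h.func} entry is 0x{h.target:08X}, not a kernel-mode code address"))
        elif h.owner is None:  # kernel or user IAT target with no module name printed after it
            who = f"pid {h.pid}: " if h.pid else ""
            findings.append((h.module, f"{who}{h.func} redirected to 0x{h.target:08X}, attributed to no module"))
    return {"hooks": hooks, "ssdt_by_module": dict(ssdt_by_module), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for mod, funcs in sorted(result["ssdt_by_module"].items()):
        print(f"SSDT {mod}: {', '.join(funcs)}")
    for mod, why in result["findings"]:
        print(f"CHECK {mod}: {why}")
```

On this log the two flagged drivers, vax347b.sys and awz6t687.SYS, appear in the Devices and Registry sections next to sptd, speo.sys and the Services\sptd\Cfg key whose p0 value points at C:\Program Files\Alcohol Soft\Alcohol 120\; that correlation is the first thing to check before reading those hooks as a rootkit.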

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#4 Post by Rudy »

Try again, but in Safe Mode.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

Bublik
Guest
Posts: 7
Registered: 20 Jan 2010 09:24

Re: log check

#5 Post by Bublik »

Bublik wrote:
There is a black dot next to this post in the forum, I don't know what it is, I probably did something wrong - if you explain it to me, I'll mend my ways.

Hello, please check my GMER log, or advise me how to proceed with the following problem.
After roughly 20 minutes the text under the desktop icons disappears or becomes blurred. Then, instead of icons and the other messages shown when closing open programs, only white rectangles appear. Shutting down from the Start menu is the same - I shut down or restart from memory. It does not react to the shutdown or restart command anyway and I have to power it off hard with the switch.
HijackThis is clean, as is MWAV. Avast finds nothing, nor do Spyware Doctor or Spyware Terminator.
Thanks for the help

[log1 and log.2 quoted in full, identical to the GMER logs in the original post above]
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

I ran that ComboFix according to the guide and got as far as - I don't know how to attach a photo, but basically an empty white rectangle appeared over the desktop, no text at all; after a long time I clicked on it, everything disappeared and only the empty wallpaper was left. There was nothing to do but restart. On the next boot there was an option to launch the console it had created, then the computer came up, but I couldn't find the requested log anywhere - I probably don't know where to look. Should I run it again, or what?
Thanks
I tried it again, in Safe Mode, as Administrator, with the same result. It seemed to run longer, reporting that it was deleting something and creating a log; it took about 20 minutes and then the empty white window came up again; after another 20 minutes I pressed Enter and got the "screen of death".
Among other things there was also this message: mbr.sys - Adress BA4692A4 base at BA, Date Stamp 00000000
The log wasn't created - at least I couldn't find it - should it be on the desktop or on C:, or somewhere else? It isn't in the combofix folder either, though there are loads of files without an extension in there.
What next?
Thanks

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#6 Post by Rudy »

Scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . After the scan finishes, try again to obtain a ComboFix log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Bublik
Visitor
Posts: 7
Registered: 20 Jan 2010 09:24

Re: log check

#7 Post by Bublik »

Good, the AVP Tool scan worked, though only on the third attempt (blue screens), but it did work in the end. I'm attaching the log:
Autoscan: malfunction (events: 26, objects: 0, time: Unknown)
22.1.2010 15:42:29 Task started
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\23únor.jpg Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\7únor.JPG Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\8únor.JPG Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\9únor.JPG Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Local Settings\desktop.ini Read error
22.1.2010 17:44:17 Processing error C:\Documents and Settings\PC\Plocha\Virus Removal Tool\setup_9.0.0.722_22.01.2010_10-04:extended Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005891.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005892.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005893.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005894.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005895.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005896.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005897.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005898.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005899.cpl Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005900.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005901.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005902.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005903.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005904.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005905.exe Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB957095$\srv.sys Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll Read error
22.1.2010 17:44:38 Processing error C:\WINDOWS\inf\netel90b.PNF Read error
Autoscan: completed 4 hours ago (events: 2, objects: 1313, time: 01:30:04)
22.1.2010 18:01:54 Task started
22.1.2010 19:31:58 Task completed
Autoscan: completed 2 hours ago (events: 2, objects: 346416, time: 02:32:55)
22.1.2010 19:38:38 Task started
22.1.2010 22:11:33 Task completed

Should I delete those files? They contain photos I took myself, and I have used them in various presentations; are those presentations safe?
Thanks for now, I'm off to run that Combofix

Great, Combofix also ran without problems, probably. After scanning it reported that it was creating a log, then everything ended and only the bare wallpaper remained (the screen of death didn't appear this time); after a longer while, when nothing appeared, no message or prompt, I restarted the PC.
There was no .log file anywhere, but there was a file with similar content: ComboFix.txt
here is its content:

ComboFix 10-01-22.01 - PC 23.01.2010 8:14:11.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1437 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\PC\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100123-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Dvbpws.dll
.
---- Předchozí spuštění -------
.
C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-23 do 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-21 15:32:22 . 2010-01-21 15:34:50 -------- d-----w- C:\WINDOWS\SxsCaPendDel
2010-01-16 12:24:10 . 2010-01-16 12:24:10 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2010-01-12 18:47:41 . 2009-11-21 16:03:06 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 23:25:00 . 2001-10-25 11:00:00 84034 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-01-22 23:25:00 . 2001-10-25 11:00:00 441688 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-01-19 21:07:33 . 2009-09-24 18:27:40 241 ----a-w- C:\Documents and Settings\PC\SR.vbs
2010-01-19 17:54:32 . 2009-01-17 08:02:12 -------- d-----w- C:\Program Files\Spyware Doctor
2010-01-17 14:32:46 . 2010-01-17 14:32:45 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys.17460715
2010-01-17 14:32:46 . 2010-01-17 14:32:45 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-01-17 10:40:33 . 2009-12-02 21:46:01 3095740 ----a-w- C:\WINDOWS\cscmondump.bin
2010-01-16 20:41:47 . 2010-01-16 20:40:59 7305691 ----a-w- C:\WINDOWS\REGBK03.ZIP
2010-01-15 17:31:00 . 2008-10-17 14:15:26 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-01-10 08:49:56 . 2009-04-06 14:10:40 -------- d-----w- C:\Program Files\WinClamAVShield
2010-01-08 21:36:30 . 2008-10-26 19:28:54 45056 ----a-w- C:\WINDOWS\NCUNINST.EXE
2010-01-07 15:07:14 . 2010-01-20 19:14:53 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 . 2010-01-20 19:14:51 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-05 16:38:46 . 2010-01-17 10:54:57 133448 ----a-w- C:\WINDOWS\system32\drivers\CFRMD.sys
2009-12-21 19:08:42 . 2008-04-14 06:52:06 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-12-19 21:23:09 . 2009-04-06 14:09:27 -------- d-----w- C:\Program Files\Spyware Terminator
2009-12-19 13:37:44 . 2009-12-19 13:37:44 68060 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2009-12-19 13:19:53 . 2009-12-19 13:19:53 -------- d-----w- C:\Program Files\Google
2009-12-18 16:25:43 . 2009-12-18 16:25:43 -------- d-----w- C:\Program Files\AviSynth 2.5
2009-12-18 14:24:20 . 2008-10-29 16:47:12 524 ----a-w- C:\WINDOWS\bpfdat.dat
2009-12-15 14:12:55 . 2009-12-14 13:51:35 -------- d-----w- C:\Program Files\Zaparit
2009-12-11 20:37:30 . 2009-12-11 20:37:30 -------- d-----w- C:\Program Files\Counter-Strike Source
2009-12-10 13:16:33 . 2009-10-03 18:06:39 -------- d-----w- C:\Program Files\Valve
2009-12-08 17:53:03 . 2009-12-08 17:53:03 -------- d-----w- C:\Program Files\Alcohol Soft
2009-12-08 15:11:36 . 2009-12-08 15:11:35 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys.12650733
2009-12-08 13:53:30 . 2008-10-17 17:34:44 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-12-08 09:31:31 . 2009-12-08 09:31:31 355584 ----a-w- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-12-08 09:29:37 . 2009-12-08 09:29:37 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-06 18:38:38 . 2009-12-06 18:37:42 6559733 ----a-w- C:\WINDOWS\REGBK02.ZIP
2009-12-04 09:24:15 . 2009-12-02 09:24:15 131604 ----a-w- C:\WINDOWS\cscmon.bin
2009-12-03 14:18:36 . 2009-12-19 12:53:11 26000 ----a-w- C:\WINDOWS\system32\PteVideo.dll
2009-11-24 23:54:29 . 2008-10-17 14:14:55 1280480 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-11-24 23:51:09 . 2008-10-17 14:15:05 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-11-24 23:49:07 . 2008-10-17 14:15:08 48560 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-11-24 23:48:57 . 2008-10-17 14:15:08 23120 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-11-24 23:47:54 . 2008-10-17 14:15:07 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-11-24 23:47:28 . 2008-10-17 14:15:06 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr
2009-11-23 20:37:30 . 2009-11-23 20:36:43 6561857 ----a-w- C:\WINDOWS\REGBK01.ZIP
2009-11-21 16:03:06 . 2008-04-14 06:51:38 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2009-10-27 08:53:24 . 2009-10-27 08:53:24 8192 ----a-w- C:\WINDOWS\system32\CSC.exe
2006-05-03 09:06:54 . 2009-12-18 16:25:27 163328 --sh--r- C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 . 2009-12-18 16:25:27 31232 --sh--r- C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30:52 . 2009-12-18 16:25:27 216064 --sh--r- C:\WINDOWS\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-21_18.35.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 07:10:45 . 2010-01-23 07:10:45 16384 C:\WINDOWS\Temp\Perflib_Perfdata_644.dat
+ 2010-01-23 07:10:45 . 2010-01-23 07:10:45 16384 C:\WINDOWS\Temp\Perflib_Perfdata_214.dat
+ 2001-10-25 11:00:00 . 2010-01-22 23:25:00 72040 C:\WINDOWS\system32\perfc009.dat
- 2001-10-25 11:00:00 . 2010-01-21 18:27:22 72040 C:\WINDOWS\system32\perfc009.dat
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 55296 C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 55296 C:\WINDOWS\system32\msfeedsbs.dll
+ 2010-01-22 07:16:52 . 2010-01-22 07:16:52 85019 C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-04-14 06:51:46 . 2009-10-29 07:43:48 25600 C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-14 06:51:46 . 2009-12-21 19:08:38 25600 C:\WINDOWS\system32\jsproxy.dll
+ 2009-08-28 16:57:11 . 2009-12-21 19:08:42 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
- 2009-08-28 16:57:11 . 2009-10-29 07:43:54 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
+ 2008-08-26 08:26:59 . 2009-12-21 19:08:38 55296 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-08-26 08:26:59 . 2009-10-29 07:43:48 55296 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:54 12800 C:\WINDOWS\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 55296 C:\WINDOWS\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 25600 C:\WINDOWS\ie8updates\KB978207-IE8\jsproxy.dll
+ 2001-10-25 11:00:00 . 2010-01-22 23:25:00 444164 C:\WINDOWS\system32\perfh009.dat
- 2001-10-25 11:00:00 . 2010-01-21 18:27:22 444164 C:\WINDOWS\system32\perfh009.dat
- 2008-04-14 06:51:54 . 2009-10-29 07:43:53 206848 C:\WINDOWS\system32\occache.dll
+ 2008-04-14 06:51:54 . 2009-12-21 19:08:41 206848 C:\WINDOWS\system32\occache.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 594432 C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 594432 C:\WINDOWS\system32\msfeeds.dll
+ 2009-10-28 03:31:14 . 2009-10-28 03:31:14 257440 C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
+ 2008-04-14 06:51:44 . 2009-12-21 19:08:37 184320 C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 06:51:44 . 2009-10-29 07:43:47 184320 C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 06:51:44 . 2009-10-29 07:43:43 387584 C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-14 06:51:44 . 2009-12-21 19:08:35 387584 C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-14 06:52:28 . 2009-12-21 13:18:29 173056 C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-14 06:52:28 . 2009-10-28 14:40:47 173056 C:\WINDOWS\system32\ie4uinit.exe
- 2008-08-20 05:10:41 . 2009-10-29 07:43:54 916480 C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:10:41 . 2009-12-21 19:08:42 916480 C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-13 16:44:06 . 2009-12-21 19:08:41 206848 C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 16:44:06 . 2009-10-29 07:43:53 206848 C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 08:26:59 . 2009-12-21 19:08:38 594432 C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-08-26 08:26:59 . 2009-10-29 07:43:48 594432 C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2009-08-28 16:57:12 . 2009-12-21 19:08:37 246272 C:\WINDOWS\system32\dllcache\ieproxy.dll
- 2009-08-28 16:57:12 . 2009-10-29 07:43:47 246272 C:\WINDOWS\system32\dllcache\ieproxy.dll
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:37 184320 C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:47 184320 C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-13 16:39:50 . 2009-10-29 07:43:43 387584 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39:50 . 2009-12-21 19:08:35 387584 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39:06 . 2009-12-21 13:18:29 173056 C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39:06 . 2009-10-28 14:40:47 173056 C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:54 916480 C:\WINDOWS\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 07:07:18 . 2009-05-26 11:40:44 391032 C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 07:07:18 . 2008-07-08 12:59:43 233848 C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:53 206848 C:\WINDOWS\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 594432 C:\WINDOWS\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:47 246272 C:\WINDOWS\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:47 184320 C:\WINDOWS\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:43 387584 C:\WINDOWS\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 07:07:17 . 2009-10-28 14:40:47 173056 C:\WINDOWS\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2008-04-14 06:52:06 . 2009-12-21 19:08:42 1208832 C:\WINDOWS\system32\urlmon.dll
- 2008-04-14 06:52:06 . 2009-10-29 07:43:54 1208832 C:\WINDOWS\system32\urlmon.dll
+ 2008-04-14 06:51:50 . 2009-12-21 19:08:41 5942784 C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 16:34:04 . 2009-10-29 07:43:48 1985536 C:\WINDOWS\system32\iertutil.dll
+ 2007-08-13 16:34:04 . 2009-12-21 19:08:38 1985536 C:\WINDOWS\system32\iertutil.dll
+ 2008-08-20 05:10:41 . 2009-12-21 19:08:42 1208832 C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-08-20 05:10:41 . 2009-10-29 07:43:54 1208832 C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:10:42 . 2009-12-21 19:08:41 5942784 C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-26 08:26:58 . 2009-12-21 19:08:38 1985536 C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-08-26 08:26:58 . 2009-10-29 07:43:48 1985536 C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:54 1208832 C:\WINDOWS\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:52 5940736 C:\WINDOWS\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 1985536 C:\WINDOWS\ie8updates\KB978207-IE8\iertutil.dll
+ 2009-10-27 19:31:38 . 2009-10-27 19:31:38 1956816 C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:37 11070464 C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:26:29 . 2009-12-21 19:08:37 11070464 C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:46 11069952 C:\WINDOWS\ie8updates\KB978207-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 11:11:12 25623336]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 16:22:48 2912256]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-01-17 14:36:42 4608]
"Advanced SystemCare 3"="C:\Udržba\Advanced SystemCare 3\AWC.exe" [2009-11-20 12:51:34 2335880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2009-05-27 15:14:56 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 03:17:36 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 06:39:00 16862720]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40:44 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-28 02:33:34 57344]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00:20 1818624]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 11:32:18 203264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 00:57:28 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 14:57:56 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:52:18 15360]

C:\Documents and Settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Di ý.lnk - C:\Documents and Settings\PC\Dokumenty\Di ý.xls [2008-10-17 573440]
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe [2008-10-17 1666048]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věroźˇ.lnk - C:\R…zn‚\Vyroci\Vyroci32.exe [2001-2-27 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#8 Post by Rudy »

1. Don't delete the pictures if you are sure they are yours.
2. CF deleted one item; the rest of the log fragment looks clean. The log is not complete.
3. You have the virus in the system backup. Turn off System Restore, restart the PC, and turn System Restore back on.
4. Given the BSODs, I suspect either a system error or a hardware fault.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
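Rudy's point 3 rests on where the AVP Tool "Read error" lines land: most of them point into System Volume Information\_restore{...} (System Restore points) and C:\WINDOWS\$NtUninstallKB...$ folders (update uninstall backups), not into the user's photos. The triage helper below is an added example written for this thread, not code from the forum or from Kaspersky; it parses report lines in the format posted above and groups the failing paths by the kind of location they sit in, so a reader can tell AV/backup artefacts from ordinary user files before deciding what to delete. The sample report is constructed after the one in the thread (same format, a subset of its paths), and the function and category names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the AVP Tool report posted in the thread
# (same line format, a subset of the paths).
SAMPLE_REPORT = r"""22.1.2010 15:42:29 Task started
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\23únor.jpg Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Local Settings\desktop.ini Read error
22.1.2010 17:44:17 Processing error C:\Documents and Settings\PC\Plocha\Virus Removal Tool\setup_9.0.0.722_22.01.2010_10-04:extended Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005891.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005905.exe Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB957095$\srv.sys Read error
22.1.2010 17:44:38 Processing error C:\WINDOWS\inf\netel90b.PNF Read error
22.1.2010 19:31:58 Task completed
"""

# One report line: "<d.m.yyyy> <hh:mm:ss> Processing error <path> <reason>".
# The path may contain spaces, so it is matched non-greedily up to the
# trailing reason token.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}\.\d{1,2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"Processing error (?P<path>.+?) (?P<reason>Read error|Write error|Access denied)$"
)

# Location classes, checked in order; the first match wins.
# restore_point  : System Restore snapshots (what Rudy means by "system backup")
# update_backup  : files Windows keeps to uninstall a hotfix
# tool_archive   : the AV tool's own self-extracting installer (":extended" member)
# user_file      : anything under the user profile
CATEGORY_RULES = (
    ("restore_point", re.compile(r"^[A-Z]:\\System Volume Information\\_restore\{", re.I)),
    ("update_backup", re.compile(r"^[A-Z]:\\WINDOWS\\\$NtUninstall", re.I)),
    ("tool_archive", re.compile(r":extended$", re.I)),
    ("user_file", re.compile(r"^[A-Z]:\\Documents and Settings\\", re.I)),
)


def parse_line(line):
    """Return the fields of a 'Processing error' line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Map a failing path to one of the location classes above, or 'other'."""
    for name, rx in CATEGORY_RULES:
        if rx.search(path):
            return name
    return "other"


def triage(lines):
    """Group the failing paths of a report by location class."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # 'Task started' / 'Task completed' and blank lines
        groups[classify(rec["path"])].append(rec["path"])
    return dict(groups)


def summarize(lines):
    """Count of failing paths per location class.

    'restore_point' and 'update_backup' hits are copies Windows keeps, not the
    user's documents, which is why the advice in the thread is to flush
    System Restore rather than delete the photos.
    """
    return {name: len(paths) for name, paths in triage(lines).items()}


if __name__ == "__main__":
    for name, paths in triage(SAMPLE_REPORT.splitlines()).items():
        print(f"{name}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Run against the constructed sample, the restore-point and update-backup classes account for three of the seven failing paths and the user-profile class for three more (one of which is the tool's own installer); a real report can be fed in with `triage(open(path, encoding="utf-8").read().splitlines())`.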

Bublik
Visitor
Posts: 7
Registered: 20 Jan 2010 09:24

Re: log check

#9 Post by Bublik »

Bublik wrote: (quote of his earlier posts in this thread, including both GMER logs)
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32@oacadfciennjnmfnilkmecpjpajllj 0x6B 0x61 0x61 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{06CC7CA1-AC59-2353-4175-E60D24B6D141}\InProcServer32@nacajeidhhfnmllalgahnakicebm 0x6A 0x61 0x61 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

I ran ComboFix according to the guide and got as far as - I don't know how to attach a photo; basically an empty white rectangle appeared over the desktop, no text at all. After a long time I clicked on it, everything disappeared and only the bare wallpaper remained. There was nothing left to do but restart. On the next boot there was an option to start the created console, then the computer came up, but I couldn't find the requested log anywhere - I probably don't know where to look. Should I run it again, or what?
Thanks
I tried it again, in Safe Mode, as Administrator, with the same result. It seemed to work longer, it announced that it was deleting something and creating a log, it had about 20 minutes for that and then the empty white window popped up again; after another 20 minutes I pressed Enter and the "screen of death" popped up.
Among other things there was also this message: mbr.sys - Address BA4692A4 base at BA, Date Stamp 00000000
The log wasn't created - at least I didn't find it - is it supposed to be on the desktop, on C:, or somewhere else? It isn't in the combofix folder either, but there are loads of files without an extension in there.
What next?
Thanks
OK, the AVP Tool scan succeeded, only on the third attempt (blue screens), but it did succeed. I'm attaching the log:
Autoscan: malfunction (events: 26, objects: 0, time: Unknown)
22.1.2010 15:42:29 Task started
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\23únor.jpg Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\7únor.JPG Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\8únor.JPG Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Dokumenty\Obrázky\2008\únor\9únor.JPG Read error
22.1.2010 17:44:16 Processing error C:\Documents and Settings\PC\Local Settings\desktop.ini Read error
22.1.2010 17:44:17 Processing error C:\Documents and Settings\PC\Plocha\Virus Removal Tool\setup_9.0.0.722_22.01.2010_10-04:extended Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005891.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005892.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005893.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005894.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005895.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005896.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005897.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005898.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005899.cpl Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005900.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005901.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005902.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005903.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005904.dll Read error
22.1.2010 17:44:32 Processing error C:\System Volume Information\_restore{290FCCB1-5E1E-41CC-852C-B5321270D0BC}\RP6\A0005905.exe Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB957095$\srv.sys Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys Read error
22.1.2010 17:44:33 Processing error C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll Read error
22.1.2010 17:44:38 Processing error C:\WINDOWS\inf\netel90b.PNF Read error
Autoscan: completed 4 hours ago (events: 2, objects: 1313, time: 01:30:04)
22.1.2010 18:01:54 Task started
22.1.2010 19:31:58 Task completed
Autoscan: completed 2 hours ago (events: 2, objects: 346416, time: 02:32:55)
22.1.2010 19:38:38 Task started
22.1.2010 22:11:33 Task completed

Should I delete those files? There are photos in there that I took myself, and I've used them in various presentations too; are those presentations safe?
Thanks for now, I'm off to do the ComboFix

Great, ComboFix also ran without problems - probably. After scanning it reported that it was creating the log, and then everything ended and only the bare wallpaper remained (the screen of death didn't appear this time); after a longer while, when nothing appeared - no message or prompt - I restarted the PC.
There was no .log file anywhere, but there was a file with similar content: ComboFix.txt
here is the content:

ComboFix 10-01-22.01 - PC 23.01.2010 8:14:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1437 [GMT 1:00]
Running from: C:\Documents and Settings\PC\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100123-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Dvbpws.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-21 15:32:22 . 2010-01-21 15:34:50 -------- d-----w- C:\WINDOWS\SxsCaPendDel
2010-01-16 12:24:10 . 2010-01-16 12:24:10 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2010-01-12 18:47:41 . 2009-11-21 16:03:06 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 23:25:00 . 2001-10-25 11:00:00 84034 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-01-22 23:25:00 . 2001-10-25 11:00:00 441688 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-01-19 21:07:33 . 2009-09-24 18:27:40 241 ----a-w- C:\Documents and Settings\PC\SR.vbs
2010-01-19 17:54:32 . 2009-01-17 08:02:12 -------- d-----w- C:\Program Files\Spyware Doctor
2010-01-17 14:32:46 . 2010-01-17 14:32:45 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys.17460715
2010-01-17 14:32:46 . 2010-01-17 14:32:45 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-01-17 10:40:33 . 2009-12-02 21:46:01 3095740 ----a-w- C:\WINDOWS\cscmondump.bin
2010-01-16 20:41:47 . 2010-01-16 20:40:59 7305691 ----a-w- C:\WINDOWS\REGBK03.ZIP
2010-01-15 17:31:00 . 2008-10-17 14:15:26 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-01-10 08:49:56 . 2009-04-06 14:10:40 -------- d-----w- C:\Program Files\WinClamAVShield
2010-01-08 21:36:30 . 2008-10-26 19:28:54 45056 ----a-w- C:\WINDOWS\NCUNINST.EXE
2010-01-07 15:07:14 . 2010-01-20 19:14:53 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 . 2010-01-20 19:14:51 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-05 16:38:46 . 2010-01-17 10:54:57 133448 ----a-w- C:\WINDOWS\system32\drivers\CFRMD.sys
2009-12-21 19:08:42 . 2008-04-14 06:52:06 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-12-19 21:23:09 . 2009-04-06 14:09:27 -------- d-----w- C:\Program Files\Spyware Terminator
2009-12-19 13:37:44 . 2009-12-19 13:37:44 68060 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2009-12-19 13:19:53 . 2009-12-19 13:19:53 -------- d-----w- C:\Program Files\Google
2009-12-18 16:25:43 . 2009-12-18 16:25:43 -------- d-----w- C:\Program Files\AviSynth 2.5
2009-12-18 14:24:20 . 2008-10-29 16:47:12 524 ----a-w- C:\WINDOWS\bpfdat.dat
2009-12-15 14:12:55 . 2009-12-14 13:51:35 -------- d-----w- C:\Program Files\Zaparit
2009-12-11 20:37:30 . 2009-12-11 20:37:30 -------- d-----w- C:\Program Files\Counter-Strike Source
2009-12-10 13:16:33 . 2009-10-03 18:06:39 -------- d-----w- C:\Program Files\Valve
2009-12-08 17:53:03 . 2009-12-08 17:53:03 -------- d-----w- C:\Program Files\Alcohol Soft
2009-12-08 15:11:36 . 2009-12-08 15:11:35 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys.12650733
2009-12-08 13:53:30 . 2008-10-17 17:34:44 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-12-08 09:31:31 . 2009-12-08 09:31:31 355584 ----a-w- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-12-08 09:29:37 . 2009-12-08 09:29:37 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-06 18:38:38 . 2009-12-06 18:37:42 6559733 ----a-w- C:\WINDOWS\REGBK02.ZIP
2009-12-04 09:24:15 . 2009-12-02 09:24:15 131604 ----a-w- C:\WINDOWS\cscmon.bin
2009-12-03 14:18:36 . 2009-12-19 12:53:11 26000 ----a-w- C:\WINDOWS\system32\PteVideo.dll
2009-11-24 23:54:29 . 2008-10-17 14:14:55 1280480 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-11-24 23:51:09 . 2008-10-17 14:15:05 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-11-24 23:49:07 . 2008-10-17 14:15:08 48560 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-11-24 23:48:57 . 2008-10-17 14:15:08 23120 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-11-24 23:47:54 . 2008-10-17 14:15:07 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-11-24 23:47:28 . 2008-10-17 14:15:06 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr
2009-11-23 20:37:30 . 2009-11-23 20:36:43 6561857 ----a-w- C:\WINDOWS\REGBK01.ZIP
2009-11-21 16:03:06 . 2008-04-14 06:51:38 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2009-10-27 08:53:24 . 2009-10-27 08:53:24 8192 ----a-w- C:\WINDOWS\system32\CSC.exe
2006-05-03 09:06:54 . 2009-12-18 16:25:27 163328 --sh--r- C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 . 2009-12-18 16:25:27 31232 --sh--r- C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30:52 . 2009-12-18 16:25:27 216064 --sh--r- C:\WINDOWS\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-21_18.35.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 07:10:45 . 2010-01-23 07:10:45 16384 C:\WINDOWS\Temp\Perflib_Perfdata_644.dat
+ 2010-01-23 07:10:45 . 2010-01-23 07:10:45 16384 C:\WINDOWS\Temp\Perflib_Perfdata_214.dat
+ 2001-10-25 11:00:00 . 2010-01-22 23:25:00 72040 C:\WINDOWS\system32\perfc009.dat
- 2001-10-25 11:00:00 . 2010-01-21 18:27:22 72040 C:\WINDOWS\system32\perfc009.dat
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 55296 C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 55296 C:\WINDOWS\system32\msfeedsbs.dll
+ 2010-01-22 07:16:52 . 2010-01-22 07:16:52 85019 C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-04-14 06:51:46 . 2009-10-29 07:43:48 25600 C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-14 06:51:46 . 2009-12-21 19:08:38 25600 C:\WINDOWS\system32\jsproxy.dll
+ 2009-08-28 16:57:11 . 2009-12-21 19:08:42 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
- 2009-08-28 16:57:11 . 2009-10-29 07:43:54 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
+ 2008-08-26 08:26:59 . 2009-12-21 19:08:38 55296 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-08-26 08:26:59 . 2009-10-29 07:43:48 55296 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:54 12800 C:\WINDOWS\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 55296 C:\WINDOWS\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 25600 C:\WINDOWS\ie8updates\KB978207-IE8\jsproxy.dll
+ 2001-10-25 11:00:00 . 2010-01-22 23:25:00 444164 C:\WINDOWS\system32\perfh009.dat
- 2001-10-25 11:00:00 . 2010-01-21 18:27:22 444164 C:\WINDOWS\system32\perfh009.dat
- 2008-04-14 06:51:54 . 2009-10-29 07:43:53 206848 C:\WINDOWS\system32\occache.dll
+ 2008-04-14 06:51:54 . 2009-12-21 19:08:41 206848 C:\WINDOWS\system32\occache.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 594432 C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 594432 C:\WINDOWS\system32\msfeeds.dll
+ 2009-10-28 03:31:14 . 2009-10-28 03:31:14 257440 C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
+ 2008-04-14 06:51:44 . 2009-12-21 19:08:37 184320 C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 06:51:44 . 2009-10-29 07:43:47 184320 C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 06:51:44 . 2009-10-29 07:43:43 387584 C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-14 06:51:44 . 2009-12-21 19:08:35 387584 C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-14 06:52:28 . 2009-12-21 13:18:29 173056 C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-14 06:52:28 . 2009-10-28 14:40:47 173056 C:\WINDOWS\system32\ie4uinit.exe
- 2008-08-20 05:10:41 . 2009-10-29 07:43:54 916480 C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:10:41 . 2009-12-21 19:08:42 916480 C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-13 16:44:06 . 2009-12-21 19:08:41 206848 C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 16:44:06 . 2009-10-29 07:43:53 206848 C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 08:26:59 . 2009-12-21 19:08:38 594432 C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-08-26 08:26:59 . 2009-10-29 07:43:48 594432 C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2009-08-28 16:57:12 . 2009-12-21 19:08:37 246272 C:\WINDOWS\system32\dllcache\ieproxy.dll
- 2009-08-28 16:57:12 . 2009-10-29 07:43:47 246272 C:\WINDOWS\system32\dllcache\ieproxy.dll
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:37 184320 C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-13 16:54:10 . 2009-10-29 07:43:47 184320 C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-13 16:39:50 . 2009-10-29 07:43:43 387584 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39:50 . 2009-12-21 19:08:35 387584 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39:06 . 2009-12-21 13:18:29 173056 C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39:06 . 2009-10-28 14:40:47 173056 C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:54 916480 C:\WINDOWS\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 07:07:18 . 2009-05-26 11:40:44 391032 C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 07:07:18 . 2008-07-08 12:59:43 233848 C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:53 206848 C:\WINDOWS\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 594432 C:\WINDOWS\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:47 246272 C:\WINDOWS\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:47 184320 C:\WINDOWS\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:43 387584 C:\WINDOWS\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 07:07:17 . 2009-10-28 14:40:47 173056 C:\WINDOWS\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2008-04-14 06:52:06 . 2009-12-21 19:08:42 1208832 C:\WINDOWS\system32\urlmon.dll
- 2008-04-14 06:52:06 . 2009-10-29 07:43:54 1208832 C:\WINDOWS\system32\urlmon.dll
+ 2008-04-14 06:51:50 . 2009-12-21 19:08:41 5942784 C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 16:34:04 . 2009-10-29 07:43:48 1985536 C:\WINDOWS\system32\iertutil.dll
+ 2007-08-13 16:34:04 . 2009-12-21 19:08:38 1985536 C:\WINDOWS\system32\iertutil.dll
+ 2008-08-20 05:10:41 . 2009-12-21 19:08:42 1208832 C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-08-20 05:10:41 . 2009-10-29 07:43:54 1208832 C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:10:42 . 2009-12-21 19:08:41 5942784 C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-26 08:26:58 . 2009-12-21 19:08:38 1985536 C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-08-26 08:26:58 . 2009-10-29 07:43:48 1985536 C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:54 1208832 C:\WINDOWS\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:52 5940736 C:\WINDOWS\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 1985536 C:\WINDOWS\ie8updates\KB978207-IE8\iertutil.dll
+ 2009-10-27 19:31:38 . 2009-10-27 19:31:38 1956816 C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-08-13 16:54:10 . 2009-12-21 19:08:37 11070464 C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:26:29 . 2009-12-21 19:08:37 11070464 C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2010-01-22 07:07:17 . 2009-10-29 07:43:46 11069952 C:\WINDOWS\ie8updates\KB978207-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((( Reg Loading Points From Registry )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 11:11:12 25623336]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 16:22:48 2912256]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-01-17 14:36:42 4608]
"Advanced SystemCare 3"="C:\Udržba\Advanced SystemCare 3\AWC.exe" [2009-11-20 12:51:34 2335880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2009-05-27 15:14:56 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 03:17:36 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 06:39:00 16862720]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40:44 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-28 02:33:34 57344]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00:20 1818624]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 11:32:18 203264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 00:57:28 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 14:57:56 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:52:18 15360]

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\
Diář.lnk - C:\Documents and Settings\PC\Dokumenty\Diář.xls [2008-10-17 573440]
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe [2008-10-17 1666048]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Výročí.lnk - C:\Různé\Vyroci\Vyroci32.exe [2001-2-27 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

OK, so I'll try to do something with the system and then I'll possibly get back to you in a new post.
Thanks a lot for now.
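
Reading the SnapShot section of a ComboFix log like the one above by hand is error-prone: every replaced file shows up as a `-` line (its state at the previous snapshot) and a `+` line (its current state), and the two are not always adjacent. The Python script below is an added example, not code from this thread or from ComboFix. It pairs the `+`/`-` entries by path and, for every replaced file, looks for a copy of the old version (same file name, size and modification stamp) among the newly created files. A Windows hotfix copies the files it replaces into an uninstall folder named after its KB number (here `C:\WINDOWS\ie8updates\KB978207-IE8`), so a hit there explains the change as routine patching; a replaced system file with no such backup is the one worth checking further. The sample lines are a constructed subset copied from the log in this thread, and the verdict strings are this example's own convention.

```python
"""Pair ComboFix SnapShot '+'/'-' lines and explain replaced system files.

Added example; it is not code from the forum thread or from ComboFix.
The sample lines are a constructed subset of the SnapShot@2010-01-21_18.35.49
section posted in the thread. Verdict wording is this example's own convention.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One SnapShot line: sign, creation stamp, '.', modification stamp, size, path.
SNAPSHOT_LINE = re.compile(
    r"^(?P<sign>[+-])\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<path>.+?)\s*$"
)

# Constructed sample copied from the posted log; header lines are included to
# show that the parser ignores anything that is not a +/- entry.
SAMPLE_LINES = [
    r"((((((((((((((((((((((((((((( SnapShot@2010-01-21_18.35.49 )))))))))))))))))))))))))))))))))))))))))",
    r".",
    r"+ 2010-01-23 07:10:45 . 2010-01-23 07:10:45 16384 C:\WINDOWS\Temp\Perflib_Perfdata_644.dat",
    r"+ 2001-10-25 11:00:00 . 2010-01-22 23:25:00 72040 C:\WINDOWS\system32\perfc009.dat",
    r"- 2001-10-25 11:00:00 . 2010-01-21 18:27:22 72040 C:\WINDOWS\system32\perfc009.dat",
    r"+ 2007-08-13 16:54:10 . 2009-12-21 19:08:38 55296 C:\WINDOWS\system32\msfeedsbs.dll",
    r"- 2007-08-13 16:54:10 . 2009-10-29 07:43:48 55296 C:\WINDOWS\system32\msfeedsbs.dll",
    r"- 2008-04-14 06:51:46 . 2009-10-29 07:43:48 25600 C:\WINDOWS\system32\jsproxy.dll",
    r"+ 2008-04-14 06:51:46 . 2009-12-21 19:08:38 25600 C:\WINDOWS\system32\jsproxy.dll",
    r"+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 55296 C:\WINDOWS\ie8updates\KB978207-IE8\msfeedsbs.dll",
    r"+ 2010-01-22 07:07:17 . 2009-10-29 07:43:48 25600 C:\WINDOWS\ie8updates\KB978207-IE8\jsproxy.dll",
    r"+ 2008-04-14 06:51:50 . 2009-12-21 19:08:41 5942784 C:\WINDOWS\system32\mshtml.dll",
    r"+ 2010-01-22 07:07:17 . 2009-10-29 07:43:52 5940736 C:\WINDOWS\ie8updates\KB978207-IE8\mshtml.dll",
]


def parse_snapshot(lines):
    """Return the +/- entries as dicts; headers, dots and other lines are skipped."""
    entries = []
    for line in lines:
        m = SNAPSHOT_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def classify(entries):
    """Group entries by path: '-' only = removed, '+' only = new, both = replaced."""
    by_path = defaultdict(dict)
    for e in entries:
        by_path[e["path"].lower()][e["sign"]] = e  # NTFS paths are case-insensitive
    groups = {"new": [], "removed": [], "replaced": []}
    for pair in by_path.values():
        if "+" in pair and "-" in pair:
            groups["replaced"].append((pair["-"], pair["+"]))  # (old state, new state)
        elif "+" in pair:
            groups["new"].append(pair["+"])
        else:
            groups["removed"].append(pair["-"])
    return groups


def explain_replacements(entries):
    """For each replaced file, find a backup of the OLD version (same name, size and
    modification stamp) among the new files.  A hotfix leaves such a copy in an
    uninstall folder carrying its KB number; a replaced system file without one
    should be verified (hash against a known-good copy, check its signature)."""
    groups = classify(entries)
    backups = defaultdict(list)
    for e in groups["new"]:
        p = PureWindowsPath(e["path"])
        backups[(p.name.lower(), e["size"], e["modified"])].append(str(p.parent))
    report = {}
    for old, new in groups["replaced"]:
        key = (PureWindowsPath(old["path"]).name.lower(), old["size"], old["modified"])
        backup_dirs = sorted(set(backups.get(key, [])))
        kbs = set()
        for d in backup_dirs:
            m = re.search(r"KB\d+", d, re.IGNORECASE)
            if m:
                kbs.add(m.group(0).upper())
        verdict = ("replaced by update " + ", ".join(sorted(kbs))) if kbs \
            else "replaced, no update backup found: verify the file"
        report[old["path"]] = {
            "old_modified": old["modified"],
            "new_modified": new["modified"],
            "backup_of_old_version": backup_dirs,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    entries = parse_snapshot(SAMPLE_LINES)
    print({k: len(v) for k, v in classify(entries).items()})
    for path, info in explain_replacements(entries).items():
        print(f"{path}: {info['verdict']} ({info['old_modified']} -> {info['new_modified']})")
```

On the sample, the two IE libraries (`msfeedsbs.dll`, `jsproxy.dll`) are explained by the KB978207 backup, while `perfc009.dat` is flagged for verification simply because no backup of its old version exists in the snapshot; the script deliberately does not guess beyond what the log shows.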

Rudy
Site Admin
Posts: 119390
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#10 Post by Rudy »

The log looks OK, 1 item deleted.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/


e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus may damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
