========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.11.18 15:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Adobe
[2010.03.12 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Ahead
[2009.05.13 15:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Apple Computer
[2008.11.07 22:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ATI
[2010.04.14 11:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Autodesk
[2010.07.19 16:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Azureus
[2009.05.03 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Capcom
[2008.11.11 13:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\CyberLink
[2010.07.05 16:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\DAEMON Tools
[2009.03.28 14:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\DAEMON Tools Lite
[2009.03.28 15:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\DAEMON Tools Pro
[2009.09.20 15:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Download Manager
[2010.09.11 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\dvdcss
[2009.01.28 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\EPSON
[2008.11.07 23:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ESET
[2008.11.11 10:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\FaxCtr
[2008.12.14 01:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Help
[2009.06.08 16:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ICQ
[2008.11.07 22:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Identities
[2008.11.07 22:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\InstallShield
[2008.11.18 15:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\InterTrust
[2010.03.06 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Kingston
[2010.08.05 20:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\LangSoft
[2008.11.19 14:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Leadertech
[2008.11.07 23:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Macromedia
[2009.10.06 21:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Malwarebytes
[2009.03.10 18:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Media Player Classic
[2009.01.20 22:59:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft
[2010.01.03 22:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\MOBILedit
[2008.11.08 11:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Mozilla
[2010.03.12 20:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Nero
[2009.09.04 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Nordic Games
[2009.01.02 01:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ProtectDisc
[2008.11.11 00:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Publish Providers
[2010.08.09 18:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Raptr
[2010.03.06 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Security_File
[2008.12.05 16:04:55 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\SecuROM
[2010.09.04 14:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Skype
[2008.11.13 11:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Sony
[2009.12.21 21:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Sports Interactive
[2008.12.06 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Sun
[2010.02.04 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Tropico 3
[2009.01.14 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\TuneUp Software
[2010.04.14 16:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Ubisoft
[2009.03.10 18:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Uniblue
[2010.09.20 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\uTorrent
[2009.02.28 11:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\VitySoft
[2010.08.27 15:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\vlc
[2010.08.15 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Vso
[2009.07.03 11:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.09.29 12:12:08 | 001,519,616 | ---- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Kingston\SecureTraveler.exe
[2008.11.07 22:42:33 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{5399ACAF-7B15-43D5-9233-4E797B184FD2}\ARPPRODUCTICON.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_124305e.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_12db153c.exe
[2010.09.20 21:08:56 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_154754de.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_16496df1.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_18be6784.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_26e91eb.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_294823.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_2cd672ae.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_39b32d12.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_428b26a6.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_440d491c.exe
[2010.09.20 21:08:57 | 000,013,262 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_45091238.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_4ae13d6c.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_4d064db7.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_5af141bb.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_644366bb.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_69525f90.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_701f5d03.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_74d4dc8.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_7a5a767d.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_7e87390c.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_bb32ea6.exe
[2010.09.20 21:08:56 | 000,009,662 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_f3e99.exe
[2007.01.29 16:34:14 | 002,479,568 | ---- | M] ( ) -- C:\Documents and Settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
[2009.09.29 12:12:08 | 001,519,616 | ---- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Security_File\AP\SecureTraveler.exe
[2010.05.28 03:48:25 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Lukáš\Data aplikací\Sun\Java\JRERunOnce.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.09.21 17:57:38 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.09.21 15:49:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.09.21 17:57:38 | 040,632,320 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.09.21 17:57:38 | 010,485,760 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.21 16:16:19 | 000,000,288 | ---- | M] () -- C:\WINDOWS\system32\$winnt$.inf
[2010.09.21 16:13:03 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\cdplayer.exe.manifest
[2010.09.21 16:10:38 | 000,023,876 | ---- | M] () -- C:\WINDOWS\system32\emptyregdb.dat
[2010.09.21 16:18:47 | 000,298,848 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.09.21 16:12:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\system32\logonui.exe.manifest
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\ncpa.cpl.manifest
[2010.09.21 16:13:03 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\nwc.cpl.manifest
[2010.09.21 16:23:26 | 000,100,572 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.09.21 16:23:26 | 000,087,544 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.09.21 16:23:26 | 000,496,788 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.09.21 16:23:26 | 000,501,294 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.09.21 16:23:25 | 001,204,914 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\sapi.cpl.manifest
[2010.09.21 16:12:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\system32\WindowsLogon.manifest
[2010.09.21 16:22:24 | 000,002,228 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\wuaucpl.cpl.manifest
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o kontrolu logu.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu logu.
Pokračujte podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Prosim o kontrolu logu.
Ten log je strasne velky. Ma pres 500 000 znaku.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu logu.
Pokud nemáte, přesuňte Combofix na plochu
- Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.
Kód: Vybrat vše
Restore::
C:\windows\system32\Drivers\atapi.sys- Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
- Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
- Po aplikaci na Vás vypadne další log,vložte ho sem
Re: Prosim o kontrolu logu.
ComboFix 10-09-20.07 - Lukáš 21.09.2010 20:25:36.12.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-21 do 2010-09-21 )))))))))))))))))))))))))))))))
.
2010-09-21 14:14 . 2001-10-24 10:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-09-21 14:13 . 2004-08-17 13:49 6144 -c--a-w- c:\windows\system32\dllcache\ftpmib.dll
2010-09-21 14:11 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-21 14:00 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-21 14:00 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-21 14:00 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-21 14:00 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-20 17:50 . 2010-09-20 17:50 -------- d-----w- C:\_OTL
2010-09-20 15:52 . 2010-09-20 15:52 -------- d-----w- C:\rsit
2010-09-17 15:59 . 2010-09-20 15:50 -------- d-----w- C:\ToolBar SD
2010-09-12 15:01 . 2010-09-12 15:02 -------- d-----w- C:\Mise do mafie 2
2010-09-04 18:28 . 2010-09-04 18:28 -------- d-----w- C:\mhdmdm
2010-09-04 15:51 . 2010-09-04 15:52 -------- d-----w- c:\program files\Austrian Truck Simulator
2010-09-04 12:42 . 2010-09-13 19:03 -------- d-----w- c:\program files\Share Rapid Uploader
2010-08-25 17:24 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-25 17:24 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-25 17:24 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-25 17:24 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-25 17:24 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-25 17:24 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-08-25 17:24 . 2009-02-18 17:55 294912 ----a-w- c:\windows\system32\ATIODE.exe
2010-08-25 17:24 . 2009-02-03 20:52 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2010-08-25 17:24 . 2010-08-25 17:26 -------- d-----w- c:\program files\ATI
2010-08-25 17:23 . 2010-08-25 17:23 -------- d-----w- C:\ATI
2010-08-25 16:05 . 2010-08-25 16:18 -------- d-----w- c:\program files\Mafie 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 14:23 . 2001-10-25 14:00 496788 ----a-w- c:\windows\system32\perfh005.dat
2010-09-21 14:23 . 2001-10-25 14:00 100572 ----a-w- c:\windows\system32\perfc005.dat
2010-09-21 14:10 . 2008-11-07 20:31 23876 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-20 19:32 . 2010-09-20 19:32 1468534784 ----a-w- c:\documents and settings\Administrator\prf33.tmp
2010-09-20 19:27 . 2008-11-07 20:47 15600 ----a-w- c:\windows\gdrv.sys
2010-09-20 17:14 . 2009-06-28 13:42 -------- d-----w- c:\program files\ESET
2010-09-08 06:24 . 2010-07-30 18:35 -------- d-----w- c:\program files\City Interactive
2010-09-04 11:47 . 2010-01-20 16:23 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-09-04 10:55 . 2008-11-08 10:49 -------- d-----w- c:\program files\ParadisePoker
2010-09-04 08:08 . 2008-11-07 22:12 -------- d-----w- c:\program files\CCleaner
2010-08-25 17:24 . 2008-11-07 20:39 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 15:25 . 2009-02-27 15:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-09 16:20 . 2009-03-04 18:51 -------- d-----w- c:\program files\Sega
2010-08-09 15:44 . 2010-04-14 09:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-09 15:44 . 2010-04-14 09:33 -------- d-----w- c:\program files\AutoCAD 2010
2010-08-07 07:27 . 2010-08-07 07:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 07:26 . 2008-12-05 22:38 -------- d-----w- c:\program files\Java
2010-07-25 17:00 . 2009-07-07 08:44 -------- d-----w- c:\program files\Ubisoft
2010-07-25 16:54 . 2008-11-07 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 08:48 . 2010-07-23 17:09 -------- d-----w- c:\program files\AIMP2
2010-07-17 03:00 . 2010-07-07 06:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:53 . 2008-12-01 20:46 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2008-11-07 21:27 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2008-11-07 20:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:28 . 2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2008-11-07 21:27 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2008-11-07 21:27 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2008-12-01 19:52 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-09-21_15.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-21 18:31 . 2010-09-21 18:31 16384 c:\windows\temp\Perflib_Perfdata_2b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-11 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
[HKLM\~\startupfolder\C:^Documents and Settings^Lukáš^Nabídka Start^Programy^Po spuštění^FreeRapid 0.81.lnk]
backup=c:\windows\pss\FreeRapid 0.81.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-02-06 12:08 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44 36864 ----a-r- c:\windows\JM\JMInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 12:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-11 11:06 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2003-09-29 15:39 155648 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Cas\\ParadiseCasino\\casino.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pe3aqagb;Cobra 11 Environment Driver (pe3aqagb);c:\windows\system32\drivers\pe3aqagb.sys [28.1.2008 17:55 64624]
R0 pf2aqagb;Cobra 11 File System Driver (pf2aqagb);c:\windows\system32\drivers\pf2aqagb.sys [28.1.2008 17:55 83568]
R0 ps7aqagb;Cobra 11 Synchronization Driver (ps7aqagb);c:\windows\system32\drivers\ps7aqagb.sys [28.1.2008 17:54 68216]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [7.1.2009 11:48 76325]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [7.1.2009 11:49 10005]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2008 10:16 717296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 pr2aqagb;Cobra 11 Drivers Auto Removal (pr2aqagb);c:\windows\system32\pr2aqagb.exe svc --> c:\windows\system32\pr2aqagb.exe svc [?]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.11.2008 23:16 197908]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7.11.2008 23:16 10405]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7.11.2008 23:16 34422]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [13.11.2008 15:49 6085]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page =
mWindow Title =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-484763869-1409082233-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1409082233-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:38,80,6a,12,05,ce,1b,04,ac,95,4e,71,c5,06,c4,12,37,55,d6,87,e7,
94,fb,75,e7,96,6d,3b,b7,1f,1e,87,aa,ea,75,31,09,89,b8,f5,82,a3,86,2e,06,ed,\
"rkeysecu"=hex:bc,3f,c4,f8,42,21,02,d6,26,43,73,39,13,70,4b,dc
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2010-09-21 20:35:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-21 18:35
ComboFix2.txt 2010-09-21 15:32
ComboFix3.txt 2010-09-21 13:47
Před spuštěním: Volných bajtů: 38 791 352 320
Po spuštění: Volných bajtů: 38 776 307 712
Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - C5A0CBDD65571896F257446E9AF85C72
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-21 do 2010-09-21 )))))))))))))))))))))))))))))))
.
2010-09-21 14:14 . 2001-10-24 10:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-09-21 14:13 . 2004-08-17 13:49 6144 -c--a-w- c:\windows\system32\dllcache\ftpmib.dll
2010-09-21 14:11 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-21 14:00 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-21 14:00 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-21 14:00 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-21 14:00 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-20 17:50 . 2010-09-20 17:50 -------- d-----w- C:\_OTL
2010-09-20 15:52 . 2010-09-20 15:52 -------- d-----w- C:\rsit
2010-09-17 15:59 . 2010-09-20 15:50 -------- d-----w- C:\ToolBar SD
2010-09-12 15:01 . 2010-09-12 15:02 -------- d-----w- C:\Mise do mafie 2
2010-09-04 18:28 . 2010-09-04 18:28 -------- d-----w- C:\mhdmdm
2010-09-04 15:51 . 2010-09-04 15:52 -------- d-----w- c:\program files\Austrian Truck Simulator
2010-09-04 12:42 . 2010-09-13 19:03 -------- d-----w- c:\program files\Share Rapid Uploader
2010-08-25 17:24 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-25 17:24 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-25 17:24 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-25 17:24 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-25 17:24 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-25 17:24 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-08-25 17:24 . 2009-02-18 17:55 294912 ----a-w- c:\windows\system32\ATIODE.exe
2010-08-25 17:24 . 2009-02-03 20:52 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2010-08-25 17:24 . 2010-08-25 17:26 -------- d-----w- c:\program files\ATI
2010-08-25 17:23 . 2010-08-25 17:23 -------- d-----w- C:\ATI
2010-08-25 16:05 . 2010-08-25 16:18 -------- d-----w- c:\program files\Mafie 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 14:23 . 2001-10-25 14:00 496788 ----a-w- c:\windows\system32\perfh005.dat
2010-09-21 14:23 . 2001-10-25 14:00 100572 ----a-w- c:\windows\system32\perfc005.dat
2010-09-21 14:10 . 2008-11-07 20:31 23876 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-20 19:32 . 2010-09-20 19:32 1468534784 ----a-w- c:\documents and settings\Administrator\prf33.tmp
2010-09-20 19:27 . 2008-11-07 20:47 15600 ----a-w- c:\windows\gdrv.sys
2010-09-20 17:14 . 2009-06-28 13:42 -------- d-----w- c:\program files\ESET
2010-09-08 06:24 . 2010-07-30 18:35 -------- d-----w- c:\program files\City Interactive
2010-09-04 11:47 . 2010-01-20 16:23 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-09-04 10:55 . 2008-11-08 10:49 -------- d-----w- c:\program files\ParadisePoker
2010-09-04 08:08 . 2008-11-07 22:12 -------- d-----w- c:\program files\CCleaner
2010-08-25 17:24 . 2008-11-07 20:39 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 15:25 . 2009-02-27 15:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-09 16:20 . 2009-03-04 18:51 -------- d-----w- c:\program files\Sega
2010-08-09 15:44 . 2010-04-14 09:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-09 15:44 . 2010-04-14 09:33 -------- d-----w- c:\program files\AutoCAD 2010
2010-08-07 07:27 . 2010-08-07 07:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 07:26 . 2008-12-05 22:38 -------- d-----w- c:\program files\Java
2010-07-25 17:00 . 2009-07-07 08:44 -------- d-----w- c:\program files\Ubisoft
2010-07-25 16:54 . 2008-11-07 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 08:48 . 2010-07-23 17:09 -------- d-----w- c:\program files\AIMP2
2010-07-17 03:00 . 2010-07-07 06:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:53 . 2008-12-01 20:46 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2008-11-07 21:27 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2008-11-07 20:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:28 . 2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2008-11-07 21:27 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2008-11-07 21:27 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2008-12-01 19:52 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-09-21_15.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-21 18:31 . 2010-09-21 18:31 16384 c:\windows\temp\Perflib_Perfdata_2b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-11 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
[HKLM\~\startupfolder\C:^Documents and Settings^Lukáš^Nabídka Start^Programy^Po spuštění^FreeRapid 0.81.lnk]
backup=c:\windows\pss\FreeRapid 0.81.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-02-06 12:08 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44 36864 ----a-r- c:\windows\JM\JMInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 12:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-11 11:06 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2003-09-29 15:39 155648 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Cas\\ParadiseCasino\\casino.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pe3aqagb;Cobra 11 Environment Driver (pe3aqagb);c:\windows\system32\drivers\pe3aqagb.sys [28.1.2008 17:55 64624]
R0 pf2aqagb;Cobra 11 File System Driver (pf2aqagb);c:\windows\system32\drivers\pf2aqagb.sys [28.1.2008 17:55 83568]
R0 ps7aqagb;Cobra 11 Synchronization Driver (ps7aqagb);c:\windows\system32\drivers\ps7aqagb.sys [28.1.2008 17:54 68216]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [7.1.2009 11:48 76325]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [7.1.2009 11:49 10005]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2008 10:16 717296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 pr2aqagb;Cobra 11 Drivers Auto Removal (pr2aqagb);c:\windows\system32\pr2aqagb.exe svc --> c:\windows\system32\pr2aqagb.exe svc [?]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.11.2008 23:16 197908]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7.11.2008 23:16 10405]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7.11.2008 23:16 34422]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [13.11.2008 15:49 6085]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page =
mWindow Title =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-484763869-1409082233-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1409082233-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:38,80,6a,12,05,ce,1b,04,ac,95,4e,71,c5,06,c4,12,37,55,d6,87,e7,
94,fb,75,e7,96,6d,3b,b7,1f,1e,87,aa,ea,75,31,09,89,b8,f5,82,a3,86,2e,06,ed,\
"rkeysecu"=hex:bc,3f,c4,f8,42,21,02,d6,26,43,73,39,13,70,4b,dc
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2010-09-21 20:35:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-21 18:35
ComboFix2.txt 2010-09-21 15:32
ComboFix3.txt 2010-09-21 13:47
Před spuštěním: Volných bajtů: 38 791 352 320
Po spuštění: Volných bajtů: 38 776 307 712
Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - C5A0CBDD65571896F257446E9AF85C72
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu logu.
Odinstalujte všechny emulátory virtuálních mechanik. Stáhněte SPTD http://www.duplexsecure.com/en/downloads
- Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
- zvolte možnost Uninstall a restartujte PC.
Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe
- Klikněte na "Disable" a restartujte PC.
Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe Start > Spustit (Win + R)- Vyskočí okénko, zkopírujte do něj:
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Klikněte na OK
- Vytvoří se log s názvem mbr.log, vložte ho sem.
Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878Re: Prosim o kontrolu logu.
Omlouvam se za spozdeni. Nebyl jsem vubec u pc. Tady davam ty logy.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
GMER
1.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-21 20:57:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LUK~1\LOCALS~1\Temp\awdiaaod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
2.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-24 15:01:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LUK~1\LOCALS~1\Temp\awdiaaod.sys
---- System - GMER 1.0.15 ----
SSDT 8A0F8580 ZwAssignProcessToJobObject
SSDT 8A0F9100 ZwDebugActiveProcess
SSDT 8A0F8B30 ZwDuplicateObject
SSDT 8A0F7CC0 ZwOpenProcess
SSDT 8A0F7FC0 ZwOpenThread
SSDT 8A0F89C0 ZwProtectVirtualMemory
SSDT 8A0F8860 ZwSetContextThread
SSDT 8A0F86E0 ZwSetInformationThread
SSDT 8A0F5700 ZwSetSecurityObject
SSDT 8A0F8420 ZwSuspendProcess
SSDT 8A0F82C0 ZwSuspendThread
SSDT 8A0F7E50 ZwTerminateProcess
SSDT 8A0F8150 ZwTerminateThread
SSDT 8A0F8F50 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.xreloc C:\WINDOWS\system32\drivers\ps7aqagb.sys unknown last section [0xB9F47000, 0x9F4, 0x40000040]
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB8F33000, 0x253E67, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA80A2600, 0x25B0C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA8043300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3E8300, 0x1BCE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[652] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3180] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@0 Root\LEGACY_CISVC\0000
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@AutoBackupLogFiles 0
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@MaxSize 524288
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@Retention 604800
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@Sources UniblueCommon?DriverScanner?
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@File %SystemRoot%\System32\config\DriverScanner.evt
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon@EventMessageFile C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\napagent\LocalConfig\Enroll\HcsGroups (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System@clr_optimization_v4.0.30319_32-1 V4.0|Action=Block|Dir=In|App=C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System@clr_optimization_v4.0.30319_32-2 V4.0|Action=Block|Dir=Out|App=C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x63 0x35 0x66 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x6E 0x45 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0x49 0xCF 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBC 0xB6 0xBD 0x91 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xE0 0x78 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
---- EOF - GMER 1.0.15 ----
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
GMER
1.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-21 20:57:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LUK~1\LOCALS~1\Temp\awdiaaod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
2.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-24 15:01:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LUK~1\LOCALS~1\Temp\awdiaaod.sys
---- System - GMER 1.0.15 ----
SSDT 8A0F8580 ZwAssignProcessToJobObject
SSDT 8A0F9100 ZwDebugActiveProcess
SSDT 8A0F8B30 ZwDuplicateObject
SSDT 8A0F7CC0 ZwOpenProcess
SSDT 8A0F7FC0 ZwOpenThread
SSDT 8A0F89C0 ZwProtectVirtualMemory
SSDT 8A0F8860 ZwSetContextThread
SSDT 8A0F86E0 ZwSetInformationThread
SSDT 8A0F5700 ZwSetSecurityObject
SSDT 8A0F8420 ZwSuspendProcess
SSDT 8A0F82C0 ZwSuspendThread
SSDT 8A0F7E50 ZwTerminateProcess
SSDT 8A0F8150 ZwTerminateThread
SSDT 8A0F8F50 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.xreloc C:\WINDOWS\system32\drivers\ps7aqagb.sys unknown last section [0xB9F47000, 0x9F4, 0x40000040]
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB8F33000, 0x253E67, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA80A2600, 0x25B0C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA8043300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3E8300, 0x1BCE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[652] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3180] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@0 Root\LEGACY_CISVC\0000
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@AutoBackupLogFiles 0
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@MaxSize 524288
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@Retention 604800
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@Sources UniblueCommon?DriverScanner?
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@File %SystemRoot%\System32\config\DriverScanner.evt
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon@EventMessageFile C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\napagent\LocalConfig\Enroll\HcsGroups (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System@clr_optimization_v4.0.30319_32-1 V4.0|Action=Block|Dir=In|App=C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System@clr_optimization_v4.0.30319_32-2 V4.0|Action=Block|Dir=Out|App=C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x63 0x35 0x66 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x6E 0x45 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0x49 0xCF 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBC 0xB6 0xBD 0x91 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xE0 0x78 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
---- EOF - GMER 1.0.15 ----
Re: Prosim o kontrolu logu.
Dobrý večer, záskok za kolegu 
Jak to vypadá s počítačem?
Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu logu.
Dobry den. Pc je lepsi ale neni to jeste porad ono.
Re: Prosim o kontrolu logu.
Nevím, co jste všechno s kolegou dělali. Dnes by se měl večer již ukázat na foru, tak to nechám na něm .
Ale pokud jste nedělali mbam
, tak mi klikněte do podpisu a udělejte ho
.Ale pokud jste nedělali mbam
, tak mi klikněte do podpisu a udělejte ho Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu logu.
Toto jsme jeste nedelali.
Tady je vysledek
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4712
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28.9.2010 19:45:56
mbam-log-2010-09-28 (19-45-56).txt
Typ skenu: Rychlý sken
Skenované objekty: 152494
Uplynulý čas: 5 minuta(y), 28 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Tady je vysledek
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4712
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28.9.2010 19:45:56
mbam-log-2010-09-28 (19-45-56).txt
Typ skenu: Rychlý sken
Skenované objekty: 152494
Uplynulý čas: 5 minuta(y), 28 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu logu.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4712
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28.9.2010 20:34:40
mbam-log-2010-09-28 (20-34-40).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 242961
Uplynulý čas: 34 minuta(y), 30 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Documents and Settings\Lukáš\Plocha\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Lukáš\Plocha\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.
www.malwarebytes.org
Verze databáze: 4712
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
28.9.2010 20:34:40
mbam-log-2010-09-28 (20-34-40).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 242961
Uplynulý čas: 34 minuta(y), 30 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Documents and Settings\Lukáš\Plocha\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Lukáš\Plocha\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.
Přispějete na provoz fóra?