Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Re: Prosím o kontrolu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Tak, provedl jsem chkdsk /f/r nic to nenapsalo, po kontrole se normálně spustil OS.
Dále zasílám log z MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 5135
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
17.11.2010 18:10:03
mbam-log-2010-11-17 (18-10-03).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 350200
Uplynulý čas: 2 hodina(y), 47 minuta(y), 46 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Users\David.David-PC\Desktop\DVD\Sim City 4\EA.Games.Multi.Keygen.exe (Trojan.Agent.CK) -> No action taken.
Dále zasílám log z MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 5135
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
17.11.2010 18:10:03
mbam-log-2010-11-17 (18-10-03).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 350200
Uplynulý čas: 2 hodina(y), 47 minuta(y), 46 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Users\David.David-PC\Desktop\DVD\Sim City 4\EA.Games.Multi.Keygen.exe (Trojan.Agent.CK) -> No action taken.
Re: Prosím o kontrolu
V mbamu vše smažte.
Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
Spusťte combofix podle tohoto návoduhttp://www.bleepingcomputer.com/combofi ... t-combofix
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Posílám log z combofixu:
ComboFix 10-11-17.03 - David 18.11.2010 16:02:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.958 [GMT 1:00]
Spuštěný z: c:\users\David.David-PC\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\detoured.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-18 do 2010-11-18 )))))))))))))))))))))))))))))))
.
2010-11-18 15:18 . 2010-11-18 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-18 15:18 . 2010-11-18 15:18 -------- d-----w- c:\users\DAVID~1~DAV\AppData\Local\temp
2010-11-17 14:19 . 2010-11-17 14:19 -------- d-----w- c:\users\David.David-PC\AppData\Roaming\Malwarebytes
2010-11-17 14:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 14:19 . 2010-11-17 14:19 -------- d-----w- c:\programdata\Malwarebytes
2010-11-17 14:19 . 2010-11-17 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 14:19 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 22:14 . 2010-11-16 22:19 -------- d-----w- c:\program files\trend micro
2010-11-16 22:14 . 2010-11-16 22:15 -------- d-----w- C:\rsit
2010-11-16 20:16 . 2010-11-16 20:16 -------- d-----w- c:\program files\Common Files\Corel
2010-11-16 20:15 . 2010-11-16 20:15 -------- d-----w- c:\program files\Corel
2010-11-16 18:43 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A01A161-B313-4FE6-840A-25B5FDB86038}\mpengine.dll
2010-11-16 18:30 . 2010-11-16 18:30 -------- d-----w- c:\program files\rajce
2010-11-15 08:08 . 2010-11-15 08:09 -------- d-----w- C:\Sapeli
2010-11-10 14:50 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-10 08:43 . 2010-11-15 18:55 -------- d-----w- C:\Game
2010-11-09 19:11 . 2010-11-09 19:11 -------- d-----w- c:\users\David.David-PC\AppData\Roaming\Microsoft Games
2010-11-09 17:43 . 2010-11-09 17:43 -------- d-----w- c:\program files\Common Files\Skype
2010-11-08 18:20 . 2002-12-05 19:00 202240 ----a-w- c:\windows\patchw32.dll
2010-11-08 17:59 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-08 17:59 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-08 17:59 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-08 17:59 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-08 17:59 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-08 17:59 . 2010-11-08 17:59 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-08 17:59 . 2010-11-08 17:59 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-10-26 19:03 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 19:03 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 19:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-24 09:54 . 2010-10-24 09:54 -------- d-----w- c:\windows\cs
2010-10-24 09:54 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-24 09:52 . 2010-10-24 09:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-21 17:53 . 2010-10-21 17:53 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\cd54b0781cb71482c\InstallManager_WLE_WLE.exe
2010-10-21 17:52 . 2010-10-21 17:52 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ad4a53c81cb71481f\MeshBetaRemover.exe
2010-10-21 17:51 . 2010-10-21 17:51 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\924117d81cb714819\DSETUP.dll
2010-10-21 17:51 . 2010-10-21 17:51 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\924117d81cb714819\DXSETUP.exe
2010-10-21 17:51 . 2010-10-21 17:51 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\924117d81cb714819\dsetup32.dll
2010-10-21 17:51 . 2010-10-21 17:51 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\8caae3081cb714817\DSETUP.dll
2010-10-21 17:51 . 2010-10-21 17:51 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\8caae3081cb714817\DXSETUP.exe
2010-10-21 17:51 . 2010-10-21 17:51 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\8caae3081cb714817\dsetup32.dll
2010-10-21 17:49 . 2010-11-07 17:56 -------- d-----w- c:\users\David.David-PC\AppData\Local\Windows Live
2010-10-21 17:47 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 16:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 15:15 . 2010-10-07 16:45 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-30 15:09 . 2010-10-07 16:49 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-09-30 15:09 . 2010-10-07 16:49 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 02:50 . 2010-05-17 21:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-14 06:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 06:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 06:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 06:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 06:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 06:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 06:58 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 06:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 06:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12 . 2010-07-04 08:33 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-01-16 17:02 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-16 17:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-16 17:02 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-16 17:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-16 17:02 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-01-16 17:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-14 06:58 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 06:58 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 06:58 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 06:58 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 06:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 06:57 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 06:57 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 06:57 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 06:57 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 06:58 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-26 19:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 19:03 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-26 19:03 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 19:03 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-14 06:57 867328 ----a-w- c:\windows\system32\wmpmde.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-1 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ca87c2e17f4;Google Update Service (gupdate1c9ca87c2e17f4);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 133104]
R2 RDMPLocalService;RDM+ Local Service;c:\program files\RDM+\rdmpserv.exe [x]
R3 AF9035BDA;GIGABYTE U7200 DVB-T Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2008-05-29 244096]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WMSvc;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-21 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-16 717296]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-04-15 34128]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-04-17 114528]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 18:02]
2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 18:02]
2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{1E01882A-5CAA-4494-B8EF-7AE9806DDC1A}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://webtv.starnet.cz/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=83&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
TCP: {19563086-6D16-4BBB-8434-B8B2856D237A} = 89.31.40.3,89.31.40.13
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\David.David-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lh25ofhn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\David.David-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lh25ofhn.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 16:25
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys Amddfltr.sys storport.sys hal.dll ahcix86s.sys
c:\windows\system32\DRIVERS\Amddfltr.sys Advanced Micro Devices AMD disk lower filter driver
c:\windows\system32\DRIVERS\ahcix86s.sys AMD Technologies Inc. AMD Technology AHCI Compatible Controller
1 ntkrnlpa!IofCallDriver[0x83046962] -> \Device\Harddisk0\DR0[0x880B72E0]
3 CLASSPNP[0x836C78B3] -> ntkrnlpa!IofCallDriver[0x83046962] -> [0x87FB4470]
5 Amddfltr[0x89FD30B6] -> ntkrnlpa!IofCallDriver[0x83046962] -> \Device\0000009b[0x86FFD280]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
user != kernel MBR !!!
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-4192760969-4199030301-1648227922-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4144)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\IDT\WDM\sttray.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-11-18 16:42:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-18 15:42
Před spuštěním: Volných bajtů: 126 725 521 408
Po spuštění: Volných bajtů: 126 769 885 184
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - D8D72A570188F6C973A7A9DB1DAE4DC5
ComboFix 10-11-17.03 - David 18.11.2010 16:02:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.958 [GMT 1:00]
Spuštěný z: c:\users\David.David-PC\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\detoured.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-18 do 2010-11-18 )))))))))))))))))))))))))))))))
.
2010-11-18 15:18 . 2010-11-18 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-18 15:18 . 2010-11-18 15:18 -------- d-----w- c:\users\DAVID~1~DAV\AppData\Local\temp
2010-11-17 14:19 . 2010-11-17 14:19 -------- d-----w- c:\users\David.David-PC\AppData\Roaming\Malwarebytes
2010-11-17 14:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 14:19 . 2010-11-17 14:19 -------- d-----w- c:\programdata\Malwarebytes
2010-11-17 14:19 . 2010-11-17 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 14:19 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 22:14 . 2010-11-16 22:19 -------- d-----w- c:\program files\trend micro
2010-11-16 22:14 . 2010-11-16 22:15 -------- d-----w- C:\rsit
2010-11-16 20:16 . 2010-11-16 20:16 -------- d-----w- c:\program files\Common Files\Corel
2010-11-16 20:15 . 2010-11-16 20:15 -------- d-----w- c:\program files\Corel
2010-11-16 18:43 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A01A161-B313-4FE6-840A-25B5FDB86038}\mpengine.dll
2010-11-16 18:30 . 2010-11-16 18:30 -------- d-----w- c:\program files\rajce
2010-11-15 08:08 . 2010-11-15 08:09 -------- d-----w- C:\Sapeli
2010-11-10 14:50 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-10 08:43 . 2010-11-15 18:55 -------- d-----w- C:\Game
2010-11-09 19:11 . 2010-11-09 19:11 -------- d-----w- c:\users\David.David-PC\AppData\Roaming\Microsoft Games
2010-11-09 17:43 . 2010-11-09 17:43 -------- d-----w- c:\program files\Common Files\Skype
2010-11-08 18:20 . 2002-12-05 19:00 202240 ----a-w- c:\windows\patchw32.dll
2010-11-08 17:59 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-08 17:59 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-08 17:59 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-08 17:59 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-08 17:59 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-08 17:59 . 2010-11-08 17:59 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-08 17:59 . 2010-11-08 17:59 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-10-26 19:03 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 19:03 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 19:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-24 09:54 . 2010-10-24 09:54 -------- d-----w- c:\windows\cs
2010-10-24 09:54 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-24 09:52 . 2010-10-24 09:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-21 17:53 . 2010-10-21 17:53 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\cd54b0781cb71482c\InstallManager_WLE_WLE.exe
2010-10-21 17:52 . 2010-10-21 17:52 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ad4a53c81cb71481f\MeshBetaRemover.exe
2010-10-21 17:51 . 2010-10-21 17:51 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\924117d81cb714819\DSETUP.dll
2010-10-21 17:51 . 2010-10-21 17:51 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\924117d81cb714819\DXSETUP.exe
2010-10-21 17:51 . 2010-10-21 17:51 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\924117d81cb714819\dsetup32.dll
2010-10-21 17:51 . 2010-10-21 17:51 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\8caae3081cb714817\DSETUP.dll
2010-10-21 17:51 . 2010-10-21 17:51 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\8caae3081cb714817\DXSETUP.exe
2010-10-21 17:51 . 2010-10-21 17:51 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\8caae3081cb714817\dsetup32.dll
2010-10-21 17:49 . 2010-11-07 17:56 -------- d-----w- c:\users\David.David-PC\AppData\Local\Windows Live
2010-10-21 17:47 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 16:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 15:15 . 2010-10-07 16:45 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-30 15:09 . 2010-10-07 16:49 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-09-30 15:09 . 2010-10-07 16:49 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 02:50 . 2010-05-17 21:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-14 06:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 06:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 06:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 06:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 06:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 06:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 06:58 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 06:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 06:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12 . 2010-07-04 08:33 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-01-16 17:02 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-16 17:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-16 17:02 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-16 17:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-16 17:02 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-01-16 17:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-14 06:58 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 06:58 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 06:58 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 06:58 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 06:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 06:57 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 06:57 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 06:57 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 06:57 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 06:58 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-26 19:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 19:03 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-26 19:03 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 19:03 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-14 06:57 867328 ----a-w- c:\windows\system32\wmpmde.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-1 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ca87c2e17f4;Google Update Service (gupdate1c9ca87c2e17f4);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 133104]
R2 RDMPLocalService;RDM+ Local Service;c:\program files\RDM+\rdmpserv.exe [x]
R3 AF9035BDA;GIGABYTE U7200 DVB-T Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2008-05-29 244096]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WMSvc;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-21 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-16 717296]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-04-15 34128]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-04-17 114528]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 18:02]
2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 18:02]
2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{1E01882A-5CAA-4494-B8EF-7AE9806DDC1A}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://webtv.starnet.cz/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=83&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
TCP: {19563086-6D16-4BBB-8434-B8B2856D237A} = 89.31.40.3,89.31.40.13
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\David.David-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lh25ofhn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\David.David-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lh25ofhn.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 16:25
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys Amddfltr.sys storport.sys hal.dll ahcix86s.sys
c:\windows\system32\DRIVERS\Amddfltr.sys Advanced Micro Devices AMD disk lower filter driver
c:\windows\system32\DRIVERS\ahcix86s.sys AMD Technologies Inc. AMD Technology AHCI Compatible Controller
1 ntkrnlpa!IofCallDriver[0x83046962] -> \Device\Harddisk0\DR0[0x880B72E0]
3 CLASSPNP[0x836C78B3] -> ntkrnlpa!IofCallDriver[0x83046962] -> [0x87FB4470]
5 Amddfltr[0x89FD30B6] -> ntkrnlpa!IofCallDriver[0x83046962] -> \Device\0000009b[0x86FFD280]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
user != kernel MBR !!!
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-4192760969-4199030301-1648227922-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4144)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\IDT\WDM\sttray.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-11-18 16:42:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-18 15:42
Před spuštěním: Volných bajtů: 126 725 521 408
Po spuštění: Volných bajtů: 126 769 885 184
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - D8D72A570188F6C973A7A9DB1DAE4DC5
Re: Prosím o kontrolu
Máte jen jeden disk, jeden oddíl a jeden systém?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
disk byl od zacatku rozdelen. Ta druha cast ma podstatne mensi kapacitu a od zacatku byla temer plna. Jestl myslite operacni system, tak ten mam jeden, Vista. Od zakoupeni jsem disk nijak dale nerozdeloval.
Re: Prosím o kontrolu
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
log1:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 19:53:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000009a WDC_WD32 rev.1.13
Running: gmer.exe; Driver: C:\Users\DAVID~1.DAV\AppData\Local\Temp\pglcapod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9EEDFBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9EEDF9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9EEDFB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 86E271F8
Device \Driver\atapi \Device\Ide\IdePort1 86E271F8
Device \Driver\ahpricxu \Device\Scsi\ahpricxu1 888E41F8
Device \Driver\ahpricxu \Device\Scsi\ahpricxu1Port8Path0Target0Lun0 888E41F8
Device \Driver\JMCR \Device\Scsi\JMCR1 888D51F8
Device \Driver\JMCR \Device\Scsi\JMCR2 888D51F8
Device \Driver\JMCR \Device\Scsi\JMCR3 888D51F8
Device \Driver\JMCR \Device\Scsi\JMCR4 888D51F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86E481F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 19:53:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000009a WDC_WD32 rev.1.13
Running: gmer.exe; Driver: C:\Users\DAVID~1.DAV\AppData\Local\Temp\pglcapod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9EEDFBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9EEDF9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9EEDFB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 86E271F8
Device \Driver\atapi \Device\Ide\IdePort1 86E271F8
Device \Driver\ahpricxu \Device\Scsi\ahpricxu1 888E41F8
Device \Driver\ahpricxu \Device\Scsi\ahpricxu1Port8Path0Target0Lun0 888E41F8
Device \Driver\JMCR \Device\Scsi\JMCR1 888D51F8
Device \Driver\JMCR \Device\Scsi\JMCR2 888D51F8
Device \Driver\JMCR \Device\Scsi\JMCR3 888D51F8
Device \Driver\JMCR \Device\Scsi\JMCR4 888D51F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86E481F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Tak bohužel druhý log asi nedodám, jelikož při dalším scanování notebook zamrzne, monitor se jakoby rozmaže a po chvíli se vypne. Zkoušel jsem gmer spustit jako správce i normálně a pokaždé to udělalo to samé 
Re: Prosím o kontrolu
Zkoušel jste nouzový režim? ( po restartu mačkejte F8)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Ted už mi to běží, ale musel jsem odškrtnout "Devices" v tom pravém sloupečku. Hodím sem pak alespon log bez "Devices" a ráno zkusim v nouzovém režimu.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Takže zasílám log2 bez "Devices"
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-19 23:52:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000009a WDC_WD32 rev.1.13
Running: gmer.exe; Driver: C:\Users\DAVID~1.DAV\AppData\Local\Temp\pglcapod.sys
---- System - GMER 1.0.15 ----
INT 0x61 ? 88896BF8
INT 0x61 ? 88896BF8
INT 0x61 ? 88896BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 88896BF8
INT 0x71 ? 88896BF8
INT 0xA2 ? 86092BF8
INT 0xB0 ? 9EFC8CD0
INT 0xB2 ? 86092BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spyy.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9DC06000, 0x1FA4DA, 0xE8000020]
.text USBPORT.SYS!DllUnload 9E1EF41B 5 Bytes JMP 888961D8
.text ab60kuga.SYS 9E66C000 2 Bytes [82, F3]
.text ab60kuga.SYS 9E66C003 19 Bytes [83, 6C, F2, 00, 83, 60, BF, ...] {SUB DWORD [EDX+ESI*8+0x0], -0x7d; PUSHA ; MOV EDI, 0xbec08300; ADD [EBX-0x7cff0958], AL; ADD [EAX], AL}
.text ab60kuga.SYS 9E66C017 84 Bytes [00, 32, E7, 70, 80, 3D, E5, ...]
.text ab60kuga.SYS 9E66C06C 82 Bytes [90, 1E, 08, 83, 98, 1E, 0E, ...]
.text ab60kuga.SYS 9E66C0BF 13 Bytes [83, 00, 00, 00, 00, 00, 00, ...] {ADD DWORD [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[372] kernel32.dll!SetUnhandledExceptionFilter 779EA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806056D2] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80605040] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806057FC] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806050BE] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060513C] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80615048] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7433A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74318395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7436CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7430C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x9C 0x5D 0xF1 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x93 0xEA 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0xC9 0xDC 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0xC9 0xDC 0x7F ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x3D 0xBC 0xA4 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x3D 0xBC 0xA4 0x4C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x3D 0xBC 0xA4 0x4C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0xFC 0x48 0x04 0x21 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x16 0x02 0x10 0xEB ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x16 0x02 0x10 0xEB ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x9C 0x5D 0xF1 0x21 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x93 0xEA 0x41 ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-19 23:52:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000009a WDC_WD32 rev.1.13
Running: gmer.exe; Driver: C:\Users\DAVID~1.DAV\AppData\Local\Temp\pglcapod.sys
---- System - GMER 1.0.15 ----
INT 0x61 ? 88896BF8
INT 0x61 ? 88896BF8
INT 0x61 ? 88896BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 86090BF8
INT 0x71 ? 88896BF8
INT 0x71 ? 88896BF8
INT 0xA2 ? 86092BF8
INT 0xB0 ? 9EFC8CD0
INT 0xB2 ? 86092BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spyy.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9DC06000, 0x1FA4DA, 0xE8000020]
.text USBPORT.SYS!DllUnload 9E1EF41B 5 Bytes JMP 888961D8
.text ab60kuga.SYS 9E66C000 2 Bytes [82, F3]
.text ab60kuga.SYS 9E66C003 19 Bytes [83, 6C, F2, 00, 83, 60, BF, ...] {SUB DWORD [EDX+ESI*8+0x0], -0x7d; PUSHA ; MOV EDI, 0xbec08300; ADD [EBX-0x7cff0958], AL; ADD [EAX], AL}
.text ab60kuga.SYS 9E66C017 84 Bytes [00, 32, E7, 70, 80, 3D, E5, ...]
.text ab60kuga.SYS 9E66C06C 82 Bytes [90, 1E, 08, 83, 98, 1E, 0E, ...]
.text ab60kuga.SYS 9E66C0BF 13 Bytes [83, 00, 00, 00, 00, 00, 00, ...] {ADD DWORD [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[372] kernel32.dll!SetUnhandledExceptionFilter 779EA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806056D2] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80605040] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806057FC] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806050BE] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060513C] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80615048] \SystemRoot\System32\Drivers\spyy.sys
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\ab60kuga.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7433A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74318395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7436CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7430C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x9C 0x5D 0xF1 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x93 0xEA 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0xC9 0xDC 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFD 0xC9 0xDC 0x7F ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x3D 0xBC 0xA4 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x3D 0xBC 0xA4 0x4C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x3D 0xBC 0xA4 0x4C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0xFC 0x48 0x04 0x21 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x16 0x02 0x10 0xEB ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x16 0x02 0x10 0xEB ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x91 0xC6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@001d6e9527ed 0xF4 0xE0 0x65 0x68 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@00249f339778 0x20 0xBA 0x8A 0x5A ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@0019b74ffcda 0xF7 0x6A 0x44 0x66 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@347e395718b4 0xE0 0x84 0x8B 0xC5 ...
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002186d43a9d@c8979f842397 0x9C 0x5D 0xF1 0x21 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xD1 0x9F 0xF4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x15 0xB9 0x9C 0x9C ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x93 0xEA 0x41 ...
---- EOF - GMER 1.0.15 ----
Re: Prosím o kontrolu
Fajn, co počítač?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
BeryCB
- Vzorný návštěvník
- Příspěvky: 78
- Registrován: 01 lis 2006 12:52
- Bydliště: CB-CZ
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Tak počítač snad bude OK, ještě jsem ho projel CureItem, Avastem a Spybotem.
Zatim děkuji, kdyby něco, tak se jistě ozvu
Zatim děkuji, kdyby něco, tak se jistě ozvu
Re: Prosím o kontrolu
Ještě mi neutíkejte 
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Mbr::
Firefox::
FF - ProfilePath - c:\users\David.David-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lh25ofhn.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
DDS::
Default_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uSearchAssistant = hxxp://search.qip.ru/ie
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?