Avast found Win32:Jeefo

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#16 Post by vaclavka83 »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-14 20:21:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MILUJI~1\LOCALS~1\Temp\uwddqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#17 Post by Caroprd111 »

Also the second log from GMER.

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#18 Post by vaclavka83 »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-14 21:40:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MILUJI~1\LOCALS~1\Temp\uwddqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xAB1A388E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xAB1A30EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xAB1A2DCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xAB1A4938]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xAB1A2ED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xAB1A2FC2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAB0E870C]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xAB1A3BBC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xAB1A33F4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAB0E8C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAB0E864C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAB0E86B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAB0E8D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAB0E91B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAB0E8CF0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xAB1A3526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xAB1A2BFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xAB1A3B04]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xAB1A370C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB98E0000, 0x235F87, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA806F300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA418300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Miluji Tě\Plocha\gmer.exe[448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10007B50 C:\Program Files\ATI Tray Tools\raphook.dll
.text C:\WINDOWS\Explorer.EXE[808] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[2376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01737B50 C:\Program Files\ATI Tray Tools\raphook.dll
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3712] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3724] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\Program Files\internet explorer\iexplore.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000084 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbstor \Device\0000007f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a39d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a39d@001c35156852 0x26 0xB0 0xD0 0xE8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC1 0x91 0x8A 0x58 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x83 0xC7 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xF6 0xEC 0x6C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5E 0x3F 0xE3 0x3E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9B 0x2F 0x35 0x1D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9B 0x2F 0x35 0x1D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0x9B 0x67 0x4E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0xA5 0x17 0x84 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2F 0x7F 0xC3 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a39d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a39d@001c35156852 0x26 0xB0 0xD0 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC1 0x91 0x8A 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x83 0xC7 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE3 0x40 0xA0 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x60 0x10 0xFB 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9B 0x2F 0x35 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9B 0x2F 0x35 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0x46 0xA8 0x12 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a39d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a39d@001c35156852 0x26 0xB0 0xD0 0xE8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC1 0x91 0x8A 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x83 0xC7 0x85 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE3 0x40 0xA0 0xF5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x60 0x10 0xFB 0xB8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9B 0x2F 0x35 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9B 0x2F 0x35 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0x46 0xA8 0x12 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E58BE9AB-719F-00EB-A408-4E798BB7A8EA}

---- EOF - GMER 1.0.15 ----

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#19 Post by Caroprd111 »

If you don't have it there already, move ComboFix to the desktop
  • Open Notepad and copy into it the text from the white box.

Code:

File::
c:\windows\system32\drivers\PciBus.sys
c:\windows\S6E5A2265.tmp

RegLock::
[HKEY_USERS\S-1-5-21-1708537768-1123561945-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1708537768-1123561945-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E58BE9AB-719F-00EB-A408-4E798BB7A8EA}*]
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it
  • After it has been applied, another log will pop out; paste it here
It may happen that after the script is applied and the machine restarts, Windows will not boot. In that case restart again while pressing F8, then choose Last Known Good Configuration

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#20 Post by vaclavka83 »

ComboFix 10-06-14.03 - Miluji Tě 15.06.2010 15:55:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2743 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miluji Tě\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miluji Tě\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\S6E5A2265.tmp"
"c:\windows\system32\drivers\PciBus.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S6E5A2265.tmp
c:\windows\system32\drivers\PciBus.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-15 do 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 13:46 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-14 15:04 . 2010-06-14 15:13 -------- d-----w- C:\UsbFix
2010-06-14 14:16 . 2010-06-14 14:30 -------- d-----w- c:\program files\trend micro
2010-06-14 14:15 . 2010-06-14 14:17 -------- d-----w- C:\rsit
2010-06-12 12:38 . 2010-06-12 12:39 921636 ----a-w- C:\PA7302.DAT
2010-06-11 13:37 . 2010-06-11 13:37 -------- d-----w- c:\program files\Common Files\DirectX
2010-06-11 13:07 . 2008-04-24 03:05 47616 ----a-w- c:\windows\system32\Remove.exe
2010-06-11 13:07 . 2009-04-28 08:08 461824 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-06-11 13:07 . 2007-11-02 09:07 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2010-06-11 13:07 . 2010-06-13 16:55 -------- d-----w- c:\program files\Common Files\iLook 300
2010-06-11 13:07 . 2010-06-11 13:09 -------- d-----w- c:\windows\PixArt
2010-06-10 14:14 . 2008-01-04 11:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-06-10 14:14 . 2008-01-04 11:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-06-09 15:34 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-06 15:28 . 2010-06-13 16:16 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-06 15:28 . 2010-06-13 16:16 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-06 15:28 . 2010-06-13 15:53 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-28 16:02 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-05-28 16:01 . 2010-05-28 16:02 -------- d-----w- c:\program files\AMD
2010-05-26 19:07 . 2010-05-26 19:07 -------- d-----w- c:\windows\Downloaded Installations
2010-05-25 19:02 . 2010-05-25 19:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-25 18:01 . 2010-06-13 16:42 -------- d-----w- c:\program files\ATI Tray Tools
2010-05-20 15:19 . 2010-05-20 15:19 -------- d-----w- c:\windows\system32\Futuremark
2010-05-20 15:19 . 2007-08-20 08:05 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2010-05-20 15:19 . 2004-06-22 13:44 5632 ----a-w- c:\windows\system32\drivers\Entech64.sys
2010-05-20 15:17 . 2010-06-13 16:26 -------- d-----w- c:\program files\3DMark06
2010-05-19 13:22 . 2010-06-10 15:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-17 17:00 . 2010-05-17 17:45 -------- d-----w- c:\windows\MRLH

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 14:15 . 2008-07-04 13:18 -------- d-----w- c:\program files\Spyware Terminator
2010-06-13 17:13 . 2009-04-18 09:58 -------- d-----w- c:\program files\WinRAR 3.8
2010-06-13 17:11 . 2009-02-19 16:36 -------- d-----w- c:\program files\Verdict Free
2010-06-13 17:11 . 2009-06-19 15:28 -------- d-----w- c:\program files\total commander 7.04
2010-06-13 17:09 . 2008-10-20 15:33 -------- d-----w- c:\program files\Software Informer
2010-06-13 17:09 . 2008-09-11 13:56 -------- d-----w- c:\program files\Real
2010-06-13 17:08 . 2008-07-10 19:27 -------- d-----w- c:\program files\QuickTime
2010-06-13 17:07 . 2008-09-15 17:51 -------- d-----w- c:\program files\OpenOffice2.4
2010-06-13 17:06 . 2009-02-07 22:01 -------- d-----w- c:\program files\OpenAL
2010-06-13 17:04 . 2009-08-23 10:43 -------- d-----w- c:\program files\K-Lite Codec Pack 5.0.5
2010-06-13 17:01 . 2009-06-08 08:10 -------- d-----w- c:\program files\ImgBurn
2010-06-13 17:00 . 2009-10-20 17:59 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-13 17:00 . 2010-04-16 16:54 -------- d-----w- c:\program files\GoldWave
2010-06-13 17:00 . 2009-10-20 17:50 -------- d-----w- c:\program files\ICQ6.5
2010-06-13 17:00 . 2009-08-15 18:56 -------- d-----w- c:\program files\HD Tune
2010-06-13 16:59 . 2008-11-21 15:47 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-06-13 16:59 . 2008-10-20 15:33 -------- d-----w- c:\program files\Free Download Manager
2010-06-13 16:58 . 2009-03-09 17:25 -------- d-----w- c:\program files\DivX
2010-06-13 16:50 . 2009-07-26 13:22 -------- d-----w- c:\program files\CCleaner
2010-06-13 16:33 . 2009-05-20 11:37 -------- d-----w- c:\program files\Apple Software Update
2010-06-13 16:33 . 2010-02-12 15:44 -------- d-----w- c:\program files\AMDAGP
2010-06-13 15:53 . 2008-07-02 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-10 14:38 . 2006-03-02 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-06-10 14:38 . 2006-03-02 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-06-10 14:23 . 2010-04-29 12:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-10 14:14 . 2008-07-02 19:47 -------- d-----w- c:\program files\ASUS
2010-05-20 15:19 . 2009-02-07 22:01 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-06 20:59 . 2008-07-03 16:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-07-03 16:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-07-03 16:44 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-07-03 16:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-07-03 16:44 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-07-03 16:44 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-07-03 16:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-07-03 16:44 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 13:44 . 2008-07-04 13:21 -------- d-----w- c:\program files\WinClamAVShield
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 01:05 . 2008-07-03 17:35 -------- d-----w- c:\program files\Java
2010-04-16 14:42 . 2010-04-16 14:42 21120 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2010-04-14 16:47 . 2008-07-03 16:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-12 15:29 . 2010-04-20 01:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 02:42 . 2007-02-02 20:03 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2010-05-20 13:05 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2010-05-20 13:05 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2010-05-20 13:05 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2010-05-20 13:05 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2010-05-20 13:05 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2010-05-20 13:05 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2007-02-02 20:03 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2007-02-02 19:46 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2010-05-20 13:05 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2010-05-20 13:05 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2010-05-20 13:05 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2010-05-20 13:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2010-05-20 13:05 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2010-05-20 13:05 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2007-02-02 19:40 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2010-05-20 13:05 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2010-05-20 13:05 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2010-05-20 13:05 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-05-20 13:05 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2010-05-20 13:05 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2010-05-20 13:05 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2010-05-20 13:05 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2010-05-20 13:05 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2007-02-02 19:20 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2010-05-20 13:05 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2010-05-20 13:05 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2010-05-20 13:05 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-28 16:46 . 2010-03-28 16:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-26 16:21 . 2010-04-04 08:59 5883936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-26 16:01 . 2010-04-04 08:59 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-26 16:01 . 2010-04-04 08:59 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-26 16:01 . 2010-04-04 08:59 19522592 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-26 16:01 . 2009-12-31 06:23 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-26 16:01 . 2010-04-04 08:59 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-26 16:01 . 2010-04-04 08:59 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-20 13:52 . 2008-08-26 13:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-17 15:06 . 2010-05-20 13:05 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2008-07-02 19:02 . 2008-08-26 12:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-02 19:02 . 2008-08-26 12:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-02 19:02 . 2008-08-26 12:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-02 19:02 . 2008-08-26 12:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-02 19:02 . 2008-08-26 12:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"OpwareSE4"="c:\program files\Tiskarna\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-08 2176512]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Miluji TŘ\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ATI Tray Tools.lnk - c:\program files\ATI Tray Tools\atitray.exe [2010-4-22 883200]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Samsung Multimedia Keyboard.lnk - c:\program files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe [2008-7-2 585728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Far Cry2\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.7.2008 18:44 164048]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [22.4.2010 6:15 19232]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.7.2008 15:18 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.7.2008 18:44 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.10.2009 19:59 222968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2.7.2008 22:49 17408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [31.12.2009 8:23 1691480]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2.7.2008 22:49 14848]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [16.4.2010 16:42 21120]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 11:12 25088]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys --> c:\windows\system32\drivers\wfeaglxt.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.1.2009 16:37 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-06-15 c:\windows\Tasks\User_Feed_Synchronization-{1A8E86E7-CA55-42CD-A2E6-39BDF2F60382}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 15:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1123561945-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1708537768-1123561945-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E58BE9AB-719F-00EB-A408-4E798BB7A8EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1708537768-1123561945-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,9c,9a,75,79,6f,81,10,05,08,eb,c5,15,f0,15,55,6a,e8,fe,41,a0,66,f6,
49,88,be,91,4d,0e,28,65,8c,39,25,20,58,ca,41,6c,f0,61,41,aa,1a,54,06,84,48,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1708537768-1123561945-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:e3,bf,30,4f,36,25,0c,88,a9,50,8a,28,de,40,6c,c5,04,fe,aa,90,8a,
8c,95,5c,95,ae,e6,20,f6,59,cc,65,dd,3e,1c,4c,43,a5,a6,58,c5,a8,ab,2e,b3,49,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-06-15 16:01:30
ComboFix-quarantined-files.txt 2010-06-15 14:01
ComboFix2.txt 2010-06-14 16:57

Před spuštěním: Volných bajtů: 13 687 676 928
Po spuštění: Volných bajtů: 13 684 764 672

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 11326E0E47D2609CE4178E118CF5523E

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#21 Post by Caroprd111 »

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#22 Post by vaclavka83 »

Autoscan: completed 2 minutes ago (events: 2, objects: 272244, time: 00:37:52)
15.6.2010 18:16:04 Task started
15.6.2010 18:53:56 Task completed

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#23 Post by Caroprd111 »

How is the PC doing? :???:

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#24 Post by vaclavka83 »

I'm not sure what exactly you mean?

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#25 Post by Caroprd111 »

Speed, stability, etc. :)

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#26 Post by vaclavka83 »

It looks good. But I don't know how to test the stability when I can't run some applications.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#27 Post by Caroprd111 »

Reinstall the applications that won't start.

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#28 Post by vaclavka83 »

So should I delete everything that is in the Avast chest?

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Avast found Win32:Jeefo

#29 Post by vaclavka83 »

Can I run a registry cleanup with CCleaner?

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Avast found Win32:Jeefo

#30 Post by Caroprd111 »

What exactly is in the Avast chest? :???: You can use CCleaner.
