VIRY.CZ

Ještě tady vydrž - konzultuji další postup

ok diky mooc..

máte icq?

Pokud nemáš ComboFix na ploše, přesuň jej tam (máš ho v Dokumenty!)
Otevři Poznámkový blok (Start -> Spustit -> napiš Notepad OK) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\Drivers\Winbh30.sys
c:\program files\Norton Security Scan\Nss.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh30.sys]

Driver::
Winbh30.sys

Rootkit::
c:\windows\system32\Drivers\Winbh30.sys

ATJob::

385550827

Tady se omlouvam to nejak moc dlouho trvalo....

a predem dekuji za pomoc...

ComboFix 09-10-04.01 - admin 2009-10-04 21:58.10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.674 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFscript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

FILE ::
"c:\program files\Norton Security Scan\Nss.exe"
"c:\windows\system32\Drivers\Winbh30.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\Norton Security Scan\Nss.exe

Nakažená kopie c:\windows\system32\drivers\dtscsi.sys byla nalezena a vyléčena.
Kitty ate it

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Winbh30

((((((((((((((((((((((((( Soubory vytvořené od 2009-09-04 do 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-03 18:00 . 2009-10-03 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 10:27 . 2009-10-03 10:27 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:19 . 2009-10-03 10:20 -------- d-----w- c:\program files\Navilog1
2009-10-03 10:16 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-30 14:38 . 2009-09-30 14:39 -------- dc-h--w- c:\windows\ie8
2009-09-28 08:28 . 2009-09-28 08:28 -------- d-----w- c:\program files\CCleaner
2009-09-27 17:47 . 2009-09-27 18:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 17:47 . 2009-09-27 17:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 14:29 . 2009-09-13 14:34 -------- d-----w- c:\program files\FlatOut
2009-09-10 16:55 . 2009-09-10 16:55 -------- d-----w- c:\program files\EA Sports
2009-09-09 18:25 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 19:36 . 2008-07-30 20:05 -------- d-----w- c:\program files\Norton Security Scan
2009-10-04 15:14 . 2008-01-08 18:35 -------- d-----w- c:\program files\Call of Duty
2009-10-03 16:40 . 2008-05-27 14:11 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-10-01 18:06 . 2009-08-12 16:02 -------- d-----w- c:\program files\AoA Audio Extractor
2009-09-25 09:54 . 2009-09-02 14:32 -------- d-----w- c:\program files\Seznam.cz
2009-09-23 16:58 . 2009-08-31 16:50 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 15:40 . 2009-06-30 15:19 -------- d-----w- c:\program files\Vietcong
2009-09-20 12:07 . 2007-05-12 15:15 -------- d-----w- c:\program files\Vietcong2
2009-09-18 16:01 . 2008-08-15 16:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-13 14:01 . 2007-08-22 15:09 2970 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-10 17:21 . 2009-03-05 17:09 -------- d-----w- c:\program files\Banner Maker Pro for Flash 3
2009-09-10 17:16 . 2008-03-30 10:09 -------- d-----w- c:\program files\City Interactive
2009-09-10 17:14 . 2008-07-04 11:17 -------- d-----w- c:\program files\Diablo II Shareware
2009-08-31 16:50 . 2006-11-10 13:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 09:27 . 2009-08-15 09:27 -------- d-----w- c:\program files\DsNET Corp
2009-08-13 12:55 . 2009-08-12 16:23 -------- d-----w- c:\program files\Winamp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\program files\YouTube Downloader
2009-08-10 16:45 . 2009-08-10 16:44 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-08-10 12:41 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 12:41 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 12:36 . 2009-08-10 12:36 -------- d-----w- c:\program files\MSBuild
2009-08-10 12:35 . 2009-08-10 12:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:24 . 2006-11-09 16:56 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-11-09 16:56 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-11-15 02:25 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-11-09 16:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2006-11-09 16:56 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-11-09 16:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-03-01 08:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-07-30 18:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2006-11-09 16:56 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2002-10-06 18:37 . 2006-03-21 18:33 53760 ----a-w- c:\program files\zlib.dll
1996-12-02 15:44 . 1996-12-02 15:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2005-09-24 04:44 . 2008-07-30 19:02 77824 ----a-w- c:\program files\internet explorer\plugins\Kopie - nppdf32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-03_19.04.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-04 20:08 . 2009-10-04 20:08 16384 c:\windows\temp\Perflib_Perfdata_f90.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-08-21 208946]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 1597440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-21 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2007-02-09 92160]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-21 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-3 625952]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Basic Client.lnk - c:\program files\Dynu Systems\Basic\DynuBas.exe [2004-6-25 823296]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-12 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2007-09-11 09:03 57344 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vietcong2\\vc2ded.exe"=
"c:\\Program Files\\Vietcong2\\vietcong2.exe"=
"c:\\Program Files\\Vietcong\\vcded.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5425:TCP"= 5425:TCP:*:Disabled:CZ servr!

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-02-21 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-09-15 74480]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-05 222456]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [2007-09-21 3026944]
R2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [2007-09-21 8208]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-01-30 25216]
S2 DynuBasic;Dynu Basic Dynamic DNS Client v3.24;c:\program files\Dynu Systems\Basic\BasicSvc.exe [2004-06-25 159744]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-25 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-25 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-25 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-25 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-25 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-25 117672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://home.gamingharbor.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 22:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:29,22,94,c5,e8,46,b7,3b,b3,16,31,73,ce,79,4b,82,04,2f,c4,01,a7,
5d,83,5f,f3,b8,0b,ed,a1,cc,cf,fd,2c,bf,d7,d5,05,eb,cd,48,8a,91,73,4c,e1,6a,\
"rkeysecu"=hex:05,b7,ff,79,c5,a3,f7,a5,48,49,b9,7c,b0,90,a8,a5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\RACServerLogon2.dll

- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3904)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\progra~1\INCRED~1\bin\ImApp.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Celkový čas: 2009-10-04 22:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-04 20:19
ComboFix2.txt 2009-10-04 10:44
ComboFix3.txt 2009-10-03 20:52
ComboFix4.txt 2009-10-03 20:21
ComboFix5.txt 2009-10-04 19:24

Před spuštěním: Volných bajtů: 172,073,263,104
Po spuštění: Volných bajtů: 172,034,985,984

297 --- E O F --- 2009-10-01 13:26

sice jsi Combofix nechal v Dokumentech a ne na ploše a Anti Vir zůstal spuštěný, ale snad to i tak proběhlo regulérně.
Zkus jestli při spuštění hry problém přetrvává.

Jinak najdi v adresáři:
C:\Documents and Settings\admin\Local Settings\Temp\77e5_appcompat.txt
Klik pravým myšítkem -> Otevřít v programu -> Poznámkový blok
V textu klik levým kamkoliv do textu - > stisk Ctrl+A - označí vše -> Ctrl+C - zkopíruje do schránky
Dej Odpovědět ve svém příspěvku a Ctrl+V - vloží obsah textu do tvého příspěvku

Pro pokročilou hodinu další kolo zítra

mno.. bohužel problém stále přetrvává...
No ten soubor 77e5_appcompat.txt tam vubec neni v pc... dal jsem star- spustit a ten soubor a nic...
a jináč fáákt díky že pomáháte... snad se ten problém už konečně vyřeší...

BroOskeW píše:mno.. bohužel problém stále přetrvává...
No ten soubor 77e5_appcompat.txt tam vubec neni v pc... dal jsem star- spustit a ten soubor a nic

Tento počítač -> C:\Documents and Settings -> admin -> Local Settings -> Temp otevři a vyber si jeden soubor typu
(4znaky)_appcompat.txt -> Klik pravým myšítkem -> Otevřít v programu -> Poznámkový blok
Otevře se okno a v textu klik pravým -> Vybrat vše -> znovu pravým -> Kopírovat

Vrátíš se sem -> tlačítko odpovědět do okna klik pravým -> Vložit -> Odeslat

krok za krokem přesně jak to píšu

Jasný já vím ale ja tam ten soubour _appcompat.txt vubec nemam nic pod takovím nazvem..

Přesuň Combofix na plochu a udělej ještě jeden výmaz pomocí CFscriptu

Kód: Vybrat vše

DDS::
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTM
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://home.gamingharbor.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=

ComboFix se spustí - počkej na log a vlož ho sem.[/quote]

Stáhni Ccleaner - odkaz v mém podpisu.

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

ComboFix 09-10-04.01 - admin 2009-10-05 19:40.11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.675 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFscript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\dtscsi.sys byla nalezena a vyléčena.
Kitty ate it

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-05 do 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-03 18:00 . 2009-10-03 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 10:27 . 2009-10-03 10:27 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:19 . 2009-10-03 10:20 -------- d-----w- c:\program files\Navilog1
2009-10-03 10:16 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-30 14:38 . 2009-09-30 14:39 -------- dc-h--w- c:\windows\ie8
2009-09-28 08:28 . 2009-09-28 08:28 -------- d-----w- c:\program files\CCleaner
2009-09-27 17:47 . 2009-09-27 18:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 17:47 . 2009-09-27 17:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 14:29 . 2009-09-13 14:34 -------- d-----w- c:\program files\FlatOut
2009-09-10 16:55 . 2009-09-10 16:55 -------- d-----w- c:\program files\EA Sports
2009-09-09 18:25 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 19:36 . 2008-07-30 20:05 -------- d-----w- c:\program files\Norton Security Scan
2009-10-04 15:14 . 2008-01-08 18:35 -------- d-----w- c:\program files\Call of Duty
2009-10-03 16:40 . 2008-05-27 14:11 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-10-01 18:06 . 2009-08-12 16:02 -------- d-----w- c:\program files\AoA Audio Extractor
2009-09-25 09:54 . 2009-09-02 14:32 -------- d-----w- c:\program files\Seznam.cz
2009-09-23 16:58 . 2009-08-31 16:50 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 15:40 . 2009-06-30 15:19 -------- d-----w- c:\program files\Vietcong
2009-09-20 12:07 . 2007-05-12 15:15 -------- d-----w- c:\program files\Vietcong2
2009-09-18 16:01 . 2008-08-15 16:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-13 14:01 . 2007-08-22 15:09 2970 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-10 17:21 . 2009-03-05 17:09 -------- d-----w- c:\program files\Banner Maker Pro for Flash 3
2009-09-10 17:16 . 2008-03-30 10:09 -------- d-----w- c:\program files\City Interactive
2009-09-10 17:14 . 2008-07-04 11:17 -------- d-----w- c:\program files\Diablo II Shareware
2009-08-31 16:50 . 2006-11-10 13:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 09:27 . 2009-08-15 09:27 -------- d-----w- c:\program files\DsNET Corp
2009-08-13 12:55 . 2009-08-12 16:23 -------- d-----w- c:\program files\Winamp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\program files\YouTube Downloader
2009-08-10 16:45 . 2009-08-10 16:44 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-08-10 12:41 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 12:41 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 12:36 . 2009-08-10 12:36 -------- d-----w- c:\program files\MSBuild
2009-08-10 12:35 . 2009-08-10 12:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:24 . 2006-11-09 16:56 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-11-09 16:56 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-11-15 02:25 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-11-09 16:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2006-11-09 16:56 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-11-09 16:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-03-01 08:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-07-30 18:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2006-11-09 16:56 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2002-10-06 18:37 . 2006-03-21 18:33 53760 ----a-w- c:\program files\zlib.dll
1996-12-02 15:44 . 1996-12-02 15:44 582144 ----a-w- c:\program files\Common Files\dao350.dll
2005-09-24 04:44 . 2008-07-30 19:02 77824 ----a-w- c:\program files\internet explorer\plugins\Kopie - nppdf32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-08-21 208946]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 1597440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-21 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2007-02-09 92160]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-21 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-3 625952]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Basic Client.lnk - c:\program files\Dynu Systems\Basic\DynuBas.exe [2004-6-25 823296]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-12 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2007-09-11 09:03 57344 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vietcong2\\vc2ded.exe"=
"c:\\Program Files\\Vietcong2\\vietcong2.exe"=
"c:\\Program Files\\Vietcong\\vcded.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5425:TCP"= 5425:TCP:*:Disabled:CZ servr!

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-02-21 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-09-15 74480]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-05 222456]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [2007-09-21 3026944]
R2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [2007-09-21 8208]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-01-30 25216]
S2 DynuBasic;Dynu Basic Dynamic DNS Client v3.24;c:\program files\Dynu Systems\Basic\BasicSvc.exe [2004-06-25 159744]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-25 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-25 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-25 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-25 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-25 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-25 117672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - component: c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nt4sk49s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 19:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1637723038-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e9,be,b8,e3,27,49,33,c3,6a,62,16,07,37,21,6a,db,e4,92,24,6c,53,
76,61,63,eb,85,3f,36,09,27,d1,3e,c9,a1,3a,4a,22,b9,9f,1a,ec,e6,6d,8d,9e,76,\
"rkeysecu"=hex:8c,ca,ec,e2,1d,82,c3,a2,4e,e5,fc,0e,06,0b,e3,92

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\RACServerLogon2.dll

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-10-05 19:54
ComboFix-quarantined-files.txt 2009-10-05 17:53
ComboFix2.txt 2009-10-04 20:21
ComboFix3.txt 2009-10-04 10:44
ComboFix4.txt 2009-10-03 20:52
ComboFix5.txt 2009-10-05 17:36

Před spuštěním: Volných bajtů: 171,946,192,896
Po spuštění: Volných bajtů: 171,961,122,816

248 --- E O F --- 2009-10-01 13:26

a ten druhej ukol s cleaner to stím mám taky udelat?

Také nevím jestli je to potrebny ale ukázalo se tam ze tam byl výskyt rokytu takze to chtelo rr pc.. nevím jetsli je to dulezite ale objevilo se to tam a taky predtim jeste nejaka chybova sprava... dal jsem informace.. a zase ten ab...

zkusíme rootkita odhalit

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 - návod včetně odkazu na stažení

výsledné logy budou dva - oba sem dej

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit quick scan 2009-10-06 16:33:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\fwdoyaob.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF72B8C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B8F9A]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86DCF450

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

---- EOF - GMER 1.0.15 ----

tedka druhy log ...

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 17:53:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\fwdoyaob.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF72B8AC8]
SSDT sptd.sys ZwEnumerateKey [0xF72B8C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B8F9A]
SSDT sptd.sys ZwOpenKey [0xF72B898E]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF07D48AC]
SSDT sptd.sys ZwQueryKey [0xF72B9064]
SSDT sptd.sys ZwQueryValueKey [0xF72B8EFC]
SSDT sptd.sys ZwSetValueKey [0xF72B90EC]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF07D4812]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD0877.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F56BA4F0 16 Bytes [82, 9B, 0F, AA, 6B, 1D, 12, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F56BA501 19 Bytes [90, 6B, F5, 26, 54, 3A, 66, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 25 F56BA515 11 Bytes [15, D4, FE, BB, 84, 1A, B7, ...] {ADC EAX, 0x84bbfed4; SBB DH, [EDI-0x6b380ce]}
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E51FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415ACB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BD3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 415243F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BD408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2676] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E51FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BD3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B4AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B4C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B4B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B576C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B5642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72D7056] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [1002DE60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRect] [1002DED0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[540] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86DCF450

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \Driver\00000039 \Device\00000050 sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{489F5A9E-FD15-4AD2-B685-9E399D5D0E67} 8601E728
Device \Driver\Ftdisk \Device\HarddiskVolume1 86DCFEB0
Device \Driver\Cdrom \Device\CdRom0 86BC3910
Device \FileSystem\Rdbss \Device\FsWrap 86B230E8
Device \Driver\Cdrom \Device\CdRom1 86BC3910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F722EB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort0 [F722EB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F722EB40] atapi.sys[unknown section]
Device \Driver\nvata \Device\00000075 86DCF940
Device \Driver\NetBT \Device\NetBt_Wins_Export 8601E728
Device \Driver\NetBT \Device\NetbiosSmb 8601E728
Device \Driver\Disk \Device\Harddisk0\DR0 86DCF688
Device \Driver\nvata \Device\NvAta0 86DCF940
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B720E8
Device \Driver\nvata \Device\NvAta1 86DCF940
Device \Driver\NetBT \Device\NetBT_Tcpip_{E9A85878-1B6F-40B4-A0FC-CC53DEF58FEE} 8601E728
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B720E8
Device \FileSystem\Npfs \Device\NamedPipe 86B45DE0
Device \Driver\Ftdisk \Device\FtControl 86DCFEB0
Device \FileSystem\Msfs \Device\Mailslot 86A586E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{B11B188B-EB3C-44A0-BA89-B488009DACFF} 8601E728
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 867A42F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 867A42F8
Device \FileSystem\Cdfs \Cdfs 867FB408

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1150945310
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -817086391
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 387646217
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x82 0xAA 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0xA1 0xC6 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xA5 0x90 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x82 0xAA 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0xA1 0xC6 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xA5 0x90 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x82 0xAA 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0xA1 0xC6 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xA5 0x90 0x41 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\370842059 Blackout..\blaster.jpg 56510 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\370842059 Blackout..\chariot.jpg 57556 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\370842059 Blackout..\tanker.jpg 74377 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\24-403~Borat-Posters.jpg 40245 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\ja new.jpg 31874 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\josef.jpg 129869 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\pepa.bmp 564054 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\Thumbs.db 17408 bytes
File C:\Documents and Settings\admin\Dokumenty\ICQ\487605113\ReceivedFiles\396658687 TwiTch..\untitled.bmp 2359350 bytes

---- EOF - GMER 1.0.15 ----

Otevři správce úloh (Ctrl+Alt+Del) - záložka "Procesy" - daemon.exe a TeaTimer.exe -> Ukončit proces

Stáhni a nainstaluj
http://www.stahuj.centrum.cz/utility_a_ ... staller/?g
Odinstaluj program - DAEMON Tools
označ vše co najde a dej smazat.

Totéž s programem - Spybot - Search & Destroy

Klik na T-cleaner v mém podpisu - stáhni a spusť.

Klik na SVI v mém podpisu a podle návodu vyčisti Body obnovy

Až to bude - nový log z RSIT

VIRY.CZ

_appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt

Re: _appcompat.txt