VIRY.CZ

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.11.18 15:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Adobe
[2010.03.12 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Ahead
[2009.05.13 15:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Apple Computer
[2008.11.07 22:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ATI
[2010.04.14 11:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Autodesk
[2010.07.19 16:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Azureus
[2009.05.03 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Capcom
[2008.11.11 13:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\CyberLink
[2010.07.05 16:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\DAEMON Tools
[2009.03.28 14:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\DAEMON Tools Lite
[2009.03.28 15:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\DAEMON Tools Pro
[2009.09.20 15:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Download Manager
[2010.09.11 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\dvdcss
[2009.01.28 13:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\EPSON
[2008.11.07 23:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ESET
[2008.11.11 10:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\FaxCtr
[2008.12.14 01:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Help
[2009.06.08 16:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ICQ
[2008.11.07 22:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Identities
[2008.11.07 22:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\InstallShield
[2008.11.18 15:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\InterTrust
[2010.03.06 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Kingston
[2010.08.05 20:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\LangSoft
[2008.11.19 14:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Leadertech
[2008.11.07 23:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Macromedia
[2009.10.06 21:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Malwarebytes
[2009.03.10 18:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Media Player Classic
[2009.01.20 22:59:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft
[2010.01.03 22:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\MOBILedit
[2008.11.08 11:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Mozilla
[2010.03.12 20:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Nero
[2009.09.04 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Nordic Games
[2009.01.02 01:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\ProtectDisc
[2008.11.11 00:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Publish Providers
[2010.08.09 18:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Raptr
[2010.03.06 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Security_File
[2008.12.05 16:04:55 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\SecuROM
[2010.09.04 14:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Skype
[2008.11.13 11:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Sony
[2009.12.21 21:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Sports Interactive
[2008.12.06 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Sun
[2010.02.04 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Tropico 3
[2009.01.14 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\TuneUp Software
[2010.04.14 16:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Ubisoft
[2009.03.10 18:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Uniblue
[2010.09.20 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\uTorrent
[2009.02.28 11:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\VitySoft
[2010.08.27 15:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\vlc
[2010.08.15 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\Vso
[2009.07.03 11:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lukáš\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.09.29 12:12:08 | 001,519,616 | ---- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Kingston\SecureTraveler.exe
[2008.11.07 22:42:33 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{5399ACAF-7B15-43D5-9233-4E797B184FD2}\ARPPRODUCTICON.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_124305e.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_12db153c.exe
[2010.09.20 21:08:56 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_154754de.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_16496df1.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_18be6784.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_26e91eb.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_294823.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_2cd672ae.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_39b32d12.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_428b26a6.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_440d491c.exe
[2010.09.20 21:08:57 | 000,013,262 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_45091238.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_4ae13d6c.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_4d064db7.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_5af141bb.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_644366bb.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_69525f90.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_701f5d03.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_74d4dc8.exe
[2010.09.20 21:08:57 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_7a5a767d.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_7e87390c.exe
[2010.09.20 21:08:56 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_bb32ea6.exe
[2010.09.20 21:08:56 | 000,009,662 | R--- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft\Installer\{DE6A7775-D036-4216-AD8A-2ACBAC49F532}\_f3e99.exe
[2007.01.29 16:34:14 | 002,479,568 | ---- | M] ( ) -- C:\Documents and Settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
[2009.09.29 12:12:08 | 001,519,616 | ---- | M] () -- C:\Documents and Settings\Lukáš\Data aplikací\Security_File\AP\SecureTraveler.exe
[2010.05.28 03:48:25 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Lukáš\Data aplikací\Sun\Java\JRERunOnce.exe

< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\changer.sys

< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.09.21 17:57:38 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.09.21 15:49:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.09.21 17:57:38 | 040,632,320 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.09.21 17:57:38 | 010,485,760 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.09.21 16:16:19 | 000,000,288 | ---- | M] () -- C:\WINDOWS\system32\$winnt$.inf
[2010.09.21 16:13:03 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\cdplayer.exe.manifest
[2010.09.21 16:10:38 | 000,023,876 | ---- | M] () -- C:\WINDOWS\system32\emptyregdb.dat
[2010.09.21 16:18:47 | 000,298,848 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.09.21 16:12:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\system32\logonui.exe.manifest
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\ncpa.cpl.manifest
[2010.09.21 16:13:03 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\nwc.cpl.manifest
[2010.09.21 16:23:26 | 000,100,572 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.09.21 16:23:26 | 000,087,544 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.09.21 16:23:26 | 000,496,788 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.09.21 16:23:26 | 000,501,294 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.09.21 16:23:25 | 001,204,914 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\sapi.cpl.manifest
[2010.09.21 16:12:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\system32\WindowsLogon.manifest
[2010.09.21 16:22:24 | 000,002,228 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2010.09.21 16:12:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\system32\wuaucpl.cpl.manifest
< End of report >

Pokračujte podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix

Ten log je strasne velky. Ma pres 500 000 znaku.

Log zazipujte a vložte ho do přílohy.

log jsem nahral na lezteckou postu.

http://leteckaposta.cz/220944520

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Restore::
C:\windows\system32\Drivers\atapi.sys

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 10-09-20.07 - Lukáš 21.09.2010 20:25:36.12.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-21 do 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 14:14 . 2001-10-24 10:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-09-21 14:13 . 2004-08-17 13:49 6144 -c--a-w- c:\windows\system32\dllcache\ftpmib.dll
2010-09-21 14:11 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-21 14:00 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-21 14:00 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-21 14:00 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-21 14:00 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-20 17:50 . 2010-09-20 17:50 -------- d-----w- C:\_OTL
2010-09-20 15:52 . 2010-09-20 15:52 -------- d-----w- C:\rsit
2010-09-17 15:59 . 2010-09-20 15:50 -------- d-----w- C:\ToolBar SD
2010-09-12 15:01 . 2010-09-12 15:02 -------- d-----w- C:\Mise do mafie 2
2010-09-04 18:28 . 2010-09-04 18:28 -------- d-----w- C:\mhdmdm
2010-09-04 15:51 . 2010-09-04 15:52 -------- d-----w- c:\program files\Austrian Truck Simulator
2010-09-04 12:42 . 2010-09-13 19:03 -------- d-----w- c:\program files\Share Rapid Uploader
2010-08-25 17:24 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-25 17:24 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-25 17:24 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-25 17:24 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-25 17:24 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-25 17:24 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-08-25 17:24 . 2009-02-18 17:55 294912 ----a-w- c:\windows\system32\ATIODE.exe
2010-08-25 17:24 . 2009-02-03 20:52 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2010-08-25 17:24 . 2010-08-25 17:26 -------- d-----w- c:\program files\ATI
2010-08-25 17:23 . 2010-08-25 17:23 -------- d-----w- C:\ATI
2010-08-25 16:05 . 2010-08-25 16:18 -------- d-----w- c:\program files\Mafie 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 14:23 . 2001-10-25 14:00 496788 ----a-w- c:\windows\system32\perfh005.dat
2010-09-21 14:23 . 2001-10-25 14:00 100572 ----a-w- c:\windows\system32\perfc005.dat
2010-09-21 14:10 . 2008-11-07 20:31 23876 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-20 19:32 . 2010-09-20 19:32 1468534784 ----a-w- c:\documents and settings\Administrator\prf33.tmp
2010-09-20 19:27 . 2008-11-07 20:47 15600 ----a-w- c:\windows\gdrv.sys
2010-09-20 17:14 . 2009-06-28 13:42 -------- d-----w- c:\program files\ESET
2010-09-08 06:24 . 2010-07-30 18:35 -------- d-----w- c:\program files\City Interactive
2010-09-04 11:47 . 2010-01-20 16:23 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-09-04 10:55 . 2008-11-08 10:49 -------- d-----w- c:\program files\ParadisePoker
2010-09-04 08:08 . 2008-11-07 22:12 -------- d-----w- c:\program files\CCleaner
2010-08-25 17:24 . 2008-11-07 20:39 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 15:25 . 2009-02-27 15:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-09 16:20 . 2009-03-04 18:51 -------- d-----w- c:\program files\Sega
2010-08-09 15:44 . 2010-04-14 09:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-09 15:44 . 2010-04-14 09:33 -------- d-----w- c:\program files\AutoCAD 2010
2010-08-07 07:27 . 2010-08-07 07:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 07:26 . 2008-12-05 22:38 -------- d-----w- c:\program files\Java
2010-07-25 17:00 . 2009-07-07 08:44 -------- d-----w- c:\program files\Ubisoft
2010-07-25 16:54 . 2008-11-07 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 08:48 . 2010-07-23 17:09 -------- d-----w- c:\program files\AIMP2
2010-07-17 03:00 . 2010-07-07 06:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:53 . 2008-12-01 20:46 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2008-11-07 21:27 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2008-11-07 20:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:28 . 2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2008-11-07 21:27 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2008-11-07 21:27 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2008-12-01 19:52 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-09-21_15.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-21 18:31 . 2010-09-21 18:31 16384 c:\windows\temp\Perflib_Perfdata_2b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-11 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^Lukáš^Nabídka Start^Programy^Po spuštění^FreeRapid 0.81.lnk]
backup=c:\windows\pss\FreeRapid 0.81.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-02-06 12:08 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44 36864 ----a-r- c:\windows\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 12:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-11 11:06 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2003-09-29 15:39 155648 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Cas\\ParadiseCasino\\casino.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3aqagb;Cobra 11 Environment Driver (pe3aqagb);c:\windows\system32\drivers\pe3aqagb.sys [28.1.2008 17:55 64624]
R0 pf2aqagb;Cobra 11 File System Driver (pf2aqagb);c:\windows\system32\drivers\pf2aqagb.sys [28.1.2008 17:55 83568]
R0 ps7aqagb;Cobra 11 Synchronization Driver (ps7aqagb);c:\windows\system32\drivers\ps7aqagb.sys [28.1.2008 17:54 68216]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [7.1.2009 11:48 76325]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [7.1.2009 11:49 10005]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2008 10:16 717296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 pr2aqagb;Cobra 11 Drivers Auto Removal (pr2aqagb);c:\windows\system32\pr2aqagb.exe svc --> c:\windows\system32\pr2aqagb.exe svc [?]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.11.2008 23:16 197908]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7.11.2008 23:16 10405]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7.11.2008 23:16 34422]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [13.11.2008 15:49 6085]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page =
mWindow Title =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\y6oatlgg.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-1409082233-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-484763869-1409082233-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:38,80,6a,12,05,ce,1b,04,ac,95,4e,71,c5,06,c4,12,37,55,d6,87,e7,
94,fb,75,e7,96,6d,3b,b7,1f,1e,87,aa,ea,75,31,09,89,b8,f5,82,a3,86,2e,06,ed,\
"rkeysecu"=hex:bc,3f,c4,f8,42,21,02,d6,26,43,73,39,13,70,4b,dc
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2010-09-21 20:35:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-21 18:35
ComboFix2.txt 2010-09-21 15:32
ComboFix3.txt 2010-09-21 13:47

Před spuštěním: Volných bajtů: 38 791 352 320
Po spuštění: Volných bajtů: 38 776 307 712

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - C5A0CBDD65571896F257446E9AF85C72

Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Omlouvam se za spozdeni. Nebyl jsem vubec u pc. Tady davam ty logy.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

GMER

1.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-21 20:57:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LUK~1\LOCALS~1\Temp\awdiaaod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

2.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-24 15:01:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LUK~1\LOCALS~1\Temp\awdiaaod.sys

---- System - GMER 1.0.15 ----

SSDT 8A0F8580 ZwAssignProcessToJobObject
SSDT 8A0F9100 ZwDebugActiveProcess
SSDT 8A0F8B30 ZwDuplicateObject
SSDT 8A0F7CC0 ZwOpenProcess
SSDT 8A0F7FC0 ZwOpenThread
SSDT 8A0F89C0 ZwProtectVirtualMemory
SSDT 8A0F8860 ZwSetContextThread
SSDT 8A0F86E0 ZwSetInformationThread
SSDT 8A0F5700 ZwSetSecurityObject
SSDT 8A0F8420 ZwSuspendProcess
SSDT 8A0F82C0 ZwSuspendThread
SSDT 8A0F7E50 ZwTerminateProcess
SSDT 8A0F8150 ZwTerminateThread
SSDT 8A0F8F50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\ps7aqagb.sys unknown last section [0xB9F47000, 0x9F4, 0x40000040]
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB8F33000, 0x253E67, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA80A2600, 0x25B0C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA8043300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3E8300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[652] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3180] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@0 Root\LEGACY_CISVC\0000
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\Services\CiSvc\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@AutoBackupLogFiles 0
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@MaxSize 524288
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@Retention 604800
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@Sources UniblueCommon?DriverScanner?
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner@File %SystemRoot%\System32\config\DriverScanner.evt
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon@EventMessageFile C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\DriverScanner\UniblueCommon@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\napagent\LocalConfig\Enroll\HcsGroups (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System@clr_optimization_v4.0.30319_32-1 V4.0|Action=Block|Dir=In|App=C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System@clr_optimization_v4.0.30319_32-2 V4.0|Action=Block|Dir=Out|App=C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x63 0x35 0x66 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x6E 0x45 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0x49 0xCF 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBC 0xB6 0xBD 0x91 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xE0 0x78 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xE1 0x8E 0x14 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x4C 0xF2 0xFE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x84 0x95 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0x93 0x92 0x5F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x28 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x81 0xA0 0x52 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x8F 0x07 0x4F 0x4B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x3E 0x2A 0xAD 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x5C 0x21 0x62 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x89 0x41 0x46 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x24 0x03 0xB9 0x2B ...

---- EOF - GMER 1.0.15 ----

Dobrý večer, záskok za kolegu

Jak to vypadá s počítačem?

Dobry den. Pc je lepsi ale neni to jeste porad ono.

Nevím, co jste všechno s kolegou dělali. Dnes by se měl večer již ukázat na foru, tak to nechám na něm

.

Ale pokud jste nedělali mbam

, tak mi klikněte do podpisu a udělejte ho

Toto jsme jeste nedelali.

Tady je vysledek

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4712

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.9.2010 19:45:56
mbam-log-2010-09-28 (19-45-56).txt

Typ skenu: Rychlý sken
Skenované objekty: 152494
Uplynulý čas: 5 minuta(y), 28 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Zdravím

Vše smažte a dejte úplný sken, log vložte sem.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4712

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.9.2010 20:34:40
mbam-log-2010-09-28 (20-34-40).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 242961
Uplynulý čas: 34 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Lukáš\Plocha\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Lukáš\Plocha\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.

VIRY.CZ

Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.

Re: Prosim o kontrolu logu.