Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

worman (KONTROLA LOGOV) NOVÉ ..

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#46 Příspěvek od riffman »

jo, jenom domazeme neplatny bejkarny:

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

Driver::
JNS
KKGLMLO
YBZNHXLKK
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:

Obrázek

po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem :)

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#47 Příspěvek od worman »

V tom skopirovanom kode ma byt aj to "Driver"? Predtym som to tam nedal :|
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#48 Příspěvek od riffman »

ja jsem to tam taky prehlid :o ale jsou to jenom zbytky, tak se nedeste :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#49 Příspěvek od worman »

ComboFix 08-10-30.13 - Pekowski 2008-10-31 17:30:59.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.1004 [GMT 1:00]
Running from: C:\Users\Pekowski\Desktop\ComboFix.exe
Command switches used :: C:\Users\Pekowski\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 17:24 . 2008-10-31 17:24 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-31 17:24 . 2008-10-31 17:24 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-31 17:23 . 2008-10-31 17:23 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\SUPERAntiSpyware.com
2008-10-31 17:23 . 2008-10-31 17:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-31 17:22 . 2008-10-31 17:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-30 12:20 . 2008-10-31 16:00 <DIR> d-------- C:\Program Files\Crawler
2008-10-30 11:55 . 2008-10-30 12:00 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-10-29 22:34 . 2008-10-30 01:49 <DIR> d-------- C:\Program Files\SmartShopper
2008-10-28 18:37 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 18:37 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 18:37 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-22 23:09 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-22 23:09 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-22 23:09 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-22 23:09 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-22 23:09 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-18 21:33 . 2008-10-18 21:33 <DIR> d-------- C:\Program Files\KONAMI
2008-10-15 22:37 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 22:37 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 22:37 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 22:37 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 22:37 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 22:37 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-02 19:21 . 2008-10-02 19:21 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\vlc
2008-10-02 18:07 . 2008-10-02 18:07 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-30 21:02 . 2008-10-01 13:34 <DIR> d-------- C:\Program Files\EA GAMES
2008-09-26 08:08 . 2008-09-26 08:08 <DIR> d-------- C:\Windows\PCHEALTH
2008-09-26 08:08 . 2008-09-26 08:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-26 08:06 . 2008-09-26 08:06 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-26 08:02 . 2008-09-26 08:02 <DIR> dr-h----- C:\MSOCache
2008-09-22 19:02 . 2008-09-22 19:05 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-22 19:02 . 2008-09-22 19:05 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-20 14:56 . 2008-10-31 12:22 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-20 14:56 . 2008-09-22 16:37 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-20 14:56 . 2008-09-22 16:38 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-20 14:56 . 2008-09-22 16:37 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-20 14:55 . 2008-09-20 14:55 <DIR> d-------- C:\Program Files\AVG
2008-09-10 19:04 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:04 . 2008-08-02 02:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:04 . 2008-06-26 04:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:04 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:04 . 2008-05-08 20:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:04 . 2008-05-20 03:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:04 . 2008-06-26 04:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:04 . 2008-08-02 04:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 19:04 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-01 21:19 . 2008-09-01 21:22 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\DivX
2008-09-01 21:18 . 2008-10-29 21:54 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-01 21:17 . 2008-10-29 21:55 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 16:28 --------- d-----w C:\Users\Pekowski\AppData\Roaming\uTorrent
2008-10-29 20:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-16 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-09-26 07:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-26 07:10 --------- d-----w C:\Program Files\MSBuild
2008-09-26 07:10 --------- d-----w C:\Program Files\Microsoft Works
2008-09-25 13:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 16:08 --------- d-----w C:\Program Files\ICQ6
2008-09-20 13:55 --------- d-----w C:\ProgramData\Avg8
2008-09-14 19:46 --------- d-----w C:\ProgramData\CyberLink
2008-09-14 19:46 --------- d-----w C:\Program Files\CyberLink
2008-09-14 12:57 --------- d-----w C:\Program Files\SopCast
2008-09-06 20:17 --------- d-----w C:\Users\Pekowski\AppData\Roaming\ICQ
2008-08-30 21:12 --------- d-----w C:\Program Files\Acer Inc
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:34 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-07-23 16:50 129,784 ------w C:\Windows\System32\pxafs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-18 05:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-10 08:45 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-10 08:45 56 ---ha-w C:\ProgramData\ezsidmv.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-31_12.16.35,10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-31 09:51:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-31 16:21:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-31 09:54:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-31 16:22:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-10-31 11:15:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-31 16:34:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-10-31 11:09:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-31 11:20:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-31 11:09:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008103120081101\index.dat
+ 2008-10-31 11:23:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008103120081101\index.dat
- 2008-10-31 11:09:13 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-31 11:20:54 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-31 11:09:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-31 11:20:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-31 11:11:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-31 16:30:37 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-31 09:55:45 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-31 16:27:34 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-31 09:55:45 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-31 16:27:34 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-31 09:56:07 14,536 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-15284500-3642714716-381978655-1000_UserData.bin
+ 2008-10-31 16:23:37 14,886 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-15284500-3642714716-381978655-1000_UserData.bin
- 2008-10-31 09:56:06 89,716 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-31 16:23:37 89,886 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-20 18:16:08 2,594 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-10-31 16:20:20 4,248 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-10-31 09:56:05 55,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-31 16:23:36 55,740 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-09 69632]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 227840]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

C:\Users\Pekowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll,avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-01-17 17:01 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-12-08 09:24 614400 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 16:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{99692A0A-9C86-4529-A6AB-EFA136359B76}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{32D1BF4D-9708-4ADF-B4DE-31A54FB8B874}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3F9FACDB-6163-42A9-82C8-70F2168372CA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD99441F-1A85-47BC-8E1E-A1017C822B1C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{431DE57B-1584-409D-B555-EA1101BB014A}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{8EF417C5-0849-4BC6-AD47-6BE6894B3369}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{8E9668B5-5AB7-4697-B9C7-D3E4AA4EB03E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{03A4C476-8B33-4438-8A19-A14940E0C22B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{452F5721-3071-4180-80F8-E00C174033F2}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{FFF90095-B635-42BB-A748-B057B90B9083}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= UDP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"UDP Query User{907B1AD5-1C77-4F39-A752-599A0DB62DCC}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= TCP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"TCP Query User{D4D2F1F5-570A-4F06-A0EF-74BAE6D4C0D7}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= UDP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"UDP Query User{570FD367-263D-4F47-81C0-5A0071C4A8A5}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= TCP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"TCP Query User{3605FA54-6B73-4EE1-B1B1-F68105ADBE5C}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{360E7E02-41B8-426F-AB8E-0D2F5DC8E6A9}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{267AD6DC-F40F-4E9C-9E8A-D31557C4E8FF}D:\\instal games\\3do\\heroes3\\heroes3.exe"= UDP:D:\instal games\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{1E184511-8018-43B4-B6DD-89D1FEBE49FC}D:\\instal games\\3do\\heroes3\\heroes3.exe"= TCP:D:\instal games\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"TCP Query User{EB91A035-D785-4D52-A0D1-3D167A8D05E7}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{F5545B6A-DAD2-45D3-B1E3-DAEACCD21D96}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{51611557-BCA8-4CDD-9DB7-E502F5C40F57}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{58BCD144-8F9C-4402-B931-487A79115D90}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A3218522-07F2-4A40-857D-D3CB87CECC1F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2C79D543-5C2F-4773-8701-D28C6D43FEA6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{91534AD3-CDB9-4ED4-97E0-60D1B3683008}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CE4D34C2-4D80-4542-9508-CE9B74CB8A57}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{93FE2FB2-E2AD-4FA7-9F42-0B640504873A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{821514BB-4EF0-4554-98B5-AF030708EDBB}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{B85AF630-12FD-40BD-99CE-9B085AE44E6C}C:\\my programs\\nhl\\irc\\mirc.exe"= UDP:C:\my programs\nhl\irc\mirc.exe:mIRC
"UDP Query User{B452DAFA-AD6D-42CA-AA08-75F01D849F08}C:\\my programs\\nhl\\irc\\mirc.exe"= TCP:C:\my programs\nhl\irc\mirc.exe:mIRC
"TCP Query User{F628FB9B-63C1-4DC8-B161-6BB4BE18E29C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{223D24B6-6A09-4DE7-AE79-1B9FBBA2734E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{25E12809-B89B-4882-8688-EF5FB0CE7A8A}"= UDP:C:\My Programs\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{6188EAFF-18BF-462E-BEDF-63CDB2916C81}"= TCP:C:\My Programs\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{260A9EC7-06A4-4419-B2C7-C3B18ECEB344}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{0D1C1ED7-1917-43DB-85BC-C34D1E9E4EA8}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{EA8BC839-14AC-4B3B-92EF-66F2B8835279}C:\\my programs\\nhl\\irc\\mirc.exe"= UDP:C:\my programs\nhl\irc\mirc.exe:mIRC
"UDP Query User{4DA1BBBD-58A5-48B3-B05F-ECE182F3E2C5}C:\\my programs\\nhl\\irc\\mirc.exe"= TCP:C:\my programs\nhl\irc\mirc.exe:mIRC
"{50F0699F-0385-4FBE-8A8A-5C2A29D99B0C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7DC77EE6-6BE7-44AF-A6E7-24563CCE2C1C}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{95106BE4-2877-4C2A-9685-A16FD3BB60AC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{82DE3A49-2E68-4BD1-A61F-00B33768E6C1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FD080D91-69A9-434D-AEBF-2FB719B17843}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{579D20D8-5205-4D37-92E6-27D8C9D8D62E}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{2227DCAB-5CCB-43C0-8962-EBA93D44E133}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{34A77338-EE99-43A4-A1FA-8E2C0FE645F7}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{F739FA14-E76C-4893-B261-3AB07D15C793}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast
"UDP Query User{C16E976D-8934-46F2-8B27-BB7B321BD52F}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast
"TCP Query User{519707E6-561A-40CF-869B-FA6CDE6FD505}C:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= UDP:C:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader
"UDP Query User{7B5D71BF-D458-4FBF-9EAE-291A5A56D5F8}C:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= TCP:C:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader
"TCP Query User{D738D6E8-0FBA-4B79-B9A2-26D9540701CC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{CBD801A9-D7FA-4DF7-B218-407980532F89}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ED751B80-F492-4BB8-8552-43396A750533}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{C1ACB985-F01A-4F7D-9FA7-F8083AF18DBE}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{BE402F41-A8C0-41A9-979C-310AF1C0F6B2}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FBF9A3EF-B6FB-4530-AA78-D407F28E8B76}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{B7A8BCAF-0034-4E00-B886-A5AB7F996A43}C:\\program files\\anno 1701\\anno1701.exe"= UDP:C:\program files\anno 1701\anno1701.exe:Anno 1701
"UDP Query User{C61FE430-4D67-4D35-BEF5-33372799B64F}C:\\program files\\anno 1701\\anno1701.exe"= TCP:C:\program files\anno 1701\anno1701.exe:Anno 1701
"{9781EA11-859A-41CC-8A1F-DEE3618970CA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9CFDB5DA-8F77-4D74-BEE2-DBDB08F31815}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1C213D13-B236-44ED-9D6C-CA058BEFABF8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{49A33802-4364-43A0-A9B7-5900AB13686B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7282253C-AEBD-4EBF-B503-32D1BFBA1A91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D88E3DEC-262F-460B-9CF9-52B0A1826418}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{13E00C74-3192-4A40-ADEF-0643F30A574B}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 20264]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 16680]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 60712]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-22 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-22 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-22 231704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-06 2464768]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-22 69128]
S3 JNS;JNS;C:\Users\Pekowski\AppData\Local\Temp\JNS.exe [ ]
S3 KKGLMLO;KKGLMLO;C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe [ ]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 YBZNHXLKK;YBZNHXLKK;C:\Users\Pekowski\AppData\Local\Temp\YBZNHXLKK.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12dab9d5-f9b0-11dc-8e41-001b38218ea9}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb954b22-8f29-11dd-9684-001b38218ea9}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 17:35:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-31 17:36:39
ComboFix-quarantined-files.txt 2008-10-31 16:36:34
ComboFix2.txt 2008-10-31 15:10:30
ComboFix3.txt 2008-10-31 11:17:36

Pre-Run: 31 967 547 392 bytes free
Post-Run: 31,843,016,704 bytes free

309 --- E O F --- 2008-10-30 19:55:07
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#50 Příspěvek od riffman »

neco je blbe, je to tam furt...

stahnete GMER , rozbalte a spustte

probehne sken, po jehoz ukonceni na vas bafnou vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

v pripade potizi je tady k dispozici navod :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#51 Příspěvek od worman »

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-01 08:49:19
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8C8BBF20]

INT 0x92 ? 842C5BF8
INT 0xA2 ? 842C5BF8
INT 0xB2 ? 842C5BF8
INT 0xB3 ? 85D46BF8
INT 0xB3 ? 85D46BF8
INT 0xB3 ? 85D46BF8
INT 0xB3 ? 85D46BF8

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 822CCE18 4 Bytes [ 20, BF, 8B, 8C ]
? System32\Drivers\spcq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload 8C19E46F 5 Bytes JMP 85D461D8
.text a9mp8xd5.SYS 87795000 22 Bytes [ 26, 42, 5D, 82, 10, 41, 5D, ... ]
.text a9mp8xd5.SYS 87795017 159 Bytes [ 00, 32, 07, 51, 87, 3D, 05, ... ]
.text a9mp8xd5.SYS 877950B7 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a9mp8xd5.SYS 877950CE 80 Bytes [ 00, 00, 26, 00, 00, 00, E0, ... ]
.text a9mp8xd5.SYS 8779511F 194 Bytes [ 7E, 38, 40, 39, 82, 3B, C4, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [874076D2] \SystemRoot\System32\Drivers\spcq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87407040] \SystemRoot\System32\Drivers\spcq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [874077FC] \SystemRoot\System32\Drivers\spcq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [874070BE] \SystemRoot\System32\Drivers\spcq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8740713C] \SystemRoot\System32\Drivers\spcq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87417048] \SystemRoot\System32\Drivers\spcq.sys
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortCompleteRequest] 31642446
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortMoveMemory] 7E39877A
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 31902846
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B877A
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\a9mp8xd5.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B27BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B698C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B2D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B1F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B27599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B1E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B5B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B2D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B2012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B20095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B171F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BAD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B475E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B1DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B1668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B166BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B21E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84C571F8
Device \FileSystem\udfs \UdfsCdRom 85B471F8
Device \FileSystem\udfs \UdfsDisk 85B471F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 842C71F8
Device \Driver\PCI_PNP5952 \Device\00000050 spcq.sys
Device \Driver\usbohci \Device\USBPDO-0 85AE31F8
Device \Driver\usbohci \Device\USBPDO-1 85AE31F8
Device \Driver\usbehci \Device\USBPDO-2 85AC01F8
Device \Driver\netbt \Device\NetBT_Tcpip_{22477F51-8738-4F32-A1E3-7E8CFBF27AB9} 8612F500
Device \Driver\netbt \Device\NetBT_Tcpip_{273C7CE9-7987-4A21-B9BB-A76F50F33FE1} 8612F500
Device \Driver\volmgr \Device\HarddiskVolume1 842C71F8
Device \Driver\volmgr \Device\HarddiskVolume2 842C71F8
Device \Driver\cdrom \Device\CdRom0 85AF71F8
Device \Driver\volmgr \Device\HarddiskVolume3 842C71F8
Device \Driver\cdrom \Device\CdRom1 85AF71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C561F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84C561F8
Device \Driver\atapi \Device\Ide\IdePort0 84C561F8
Device \Driver\atapi \Device\Ide\IdePort1 84C561F8
Device \Driver\atapi \Device\Ide\IdePort2 84C561F8
Device \Driver\atapi \Device\Ide\IdePort3 84C561F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8612F500
Device \Driver\Smb \Device\NetbiosSmb 8620F1F8
Device \Driver\iScsiPrt \Device\RaidPort0 84C281F8
Device \Driver\usbohci \Device\USBFDO-0 85AE31F8
Device \Driver\usbohci \Device\USBFDO-1 85AE31F8
Device \Driver\usbehci \Device\USBFDO-2 85AC01F8
Device \Driver\sptd \Device\780919702 spcq.sys
Device \Driver\a9mp8xd5 \Device\Scsi\a9mp8xd51Port5Path0Target0Lun0 84C26500
Device \Driver\a9mp8xd5 \Device\Scsi\a9mp8xd51 84C26500
Device \FileSystem\cdfs \Cdfs 85A041F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x90 0xD9 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0x08 0xC1 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x44 0xFF 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x90 0xD9 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0x08 0xC1 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x44 0xFF 0x44 ...

---- EOF - GMER 1.0.14 ----
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#52 Příspěvek od riffman »

:?: v mem podpisu najdete odkaz SUPERAntispyware ; stahnete jej a provedte kompletni sken dle navodu v odkazu
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#53 Příspěvek od worman »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2008 at 10:13 AM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 00:36:42

Memory items scanned : 635
Memory threats detected : 0
Registry items scanned : 8123
Registry threats detected : 0
File items scanned : 26504
File threats detected : 1
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#54 Příspěvek od riffman »

jeden soubor detekovan - smazal jste ho? o jaky soubor slo?
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#55 Příspěvek od worman »

Ano vymazal bol oznaceny ako Adware tracking cookies, chcete aj presne cestu kde to bolo? V akom je to vlastne stave co mam zle v PC? :o
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#56 Příspěvek od riffman »

prave ze ted uz nic :) protoze SAS to dodelal :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#57 Příspěvek od worman »

Tak ok a dakujem :) :)
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#58 Příspěvek od riffman »

nemate zac :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
worman
Návštěvník
Návštěvník
Příspěvky: 66
Registrován: 29 črc 2005 10:19
Bydliště: Europe

Re: worman (KONTROLA LOGOV)

#59 Příspěvek od worman »

Dobry den prajem, odvtedy ako sme to dali ze vraj do poriadkuz mam problemy s nacitavanim DVD hier v mojej DVD-romke, napriklad nemozem naistalovat World of Warcraft a ani nespusti sam istalaciu a ked otvorim DVD tak su tam subory instalacne ale nedaju sa mi otvorit su to MPQ subory. Zistil som ze problem je v registroch lebo nikdy mi to nerobilo az teraz potom co sme riesili tych Adware minule. Prosim o pomoc lebo tato hra mi isla na mojom kompiku a teraz mi to nejde lebo naposledy sa urobilo nieco zle:(
Obrázek
Obrázek
Nahoru
Uživatelský avatar
riffman
VIP
VIP
Příspěvky: 3203
Registrován: 20 říj 2004 07:00
Bydliště: České Budějovice
Kontaktovat uživatele:
Kontaktovat uživatele riffman

Re: worman (KONTROLA LOGOV)

#60 Příspěvek od riffman »

http://www.viry.cz/forum/viewtopic.php?t=17549 - nekde je tam navod jak opravit problemy s mechanikama
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“