
RSIT scan, please check

85.david
Visitor
Posts: 14
Registered: 01 May 2010 11:32

RSIT scan, please check

#1 Post by 85.david »

Please check the scan, thank you.

85.david
Visitor
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#2 Post by 85.david »

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2010-05-01 13:14:21
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 96 GB (20%) free of 477 GB
Total RAM: 3070 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-493184601-2494964019-3008129617-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-493184601-2494964019-3008129617-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{AD178CE2-18A5-4B81-9E5B-050DC52D39CE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
4shared.com Toolbar - C:\Program Files\4shared.com\tb4sha.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - C:\Program Files\TorrentMan\tbTorr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-03-18 1361208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2008-09-15 1784856]
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - C:\Program Files\TorrentMan\tbTorr.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - 4shared.com Toolbar - C:\Program Files\4shared.com\tb4sha.dll [2009-11-09 2331672]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-03-18 1361208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-04-05 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-25 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-25 92704]
"WinSys2"=C:\Windows\system32\startup.exe [2008-07-09 57344]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe [2008-05-13 196608]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\Windows\system32\xRaidSetup.exe [2007-11-19 1970176]
"FightBoard"=C:\Program Files\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe [2006-11-27 2441216]
"NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-22 149280]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-03-17 106496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-05 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-22 306088]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-04-05 125952]
"Google Update"=C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 135664]
"4shared Desktop"=C:\Program Files\4shared Desktop\desktop.exe [2009-12-07 3632640]
"ajpaggws"=C:\Users\David\AppData\Local\agedawdyq\peirfbltssd.exe [2010-05-01 270080]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8082172b-bdeb-11dd-8947-0021855aba5b}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-05-01 13:14:21 ----D---- C:\rsit
2010-05-01 13:14:21 ----D---- C:\Program Files\trend micro
2010-04-28 04:35:12 ----D---- C:\audiograbber
2010-04-24 11:12:02 ----A---- C:\Windows\system32\AVERM.dll
2010-04-24 11:12:02 ----A---- C:\Windows\system32\AVEQT.dll
2010-04-24 11:12:01 ----D---- C:\Program Files\Ultra MKV Converter
2010-04-24 11:03:50 ----D---- C:\Program Files\mkvtoavi
2010-04-24 10:42:23 ----D---- C:\My video
2010-04-24 10:33:57 ----D---- C:\Program Files\RelevantKnowledge
2010-04-24 10:33:15 ----D---- C:\Program Files\A-one Video Convertor
2010-04-24 10:26:27 ----D---- C:\OutputFolder
2010-04-24 10:20:12 ----D---- C:\Users\David\AppData\Roaming\GetRightToGo
2010-04-24 09:44:47 ----D---- C:\Users\David\AppData\Roaming\Leawo
2010-04-24 09:44:37 ----D---- C:\Program Files\Leawo
2010-04-24 09:10:40 ----A---- C:\test.txt
2010-04-24 09:10:30 ----D---- C:\Users\David\AppData\Roaming\dvdcss
2010-04-24 09:06:51 ----A---- C:\Windows\system32\WNASPI32.DLL
2010-04-24 09:06:50 ----A---- C:\temp.txt
2010-04-24 09:06:49 ----D---- C:\Program Files\3herosoft
2010-04-24 09:04:01 ----D---- C:\Program Files\Convert DVD to AVI
2010-04-23 16:11:51 ----D---- C:\Program Files\Webteh
2010-04-23 16:01:00 ----D---- C:\ProgramData\AVS4YOU
2010-04-23 16:00:45 ----D---- C:\Program Files\Common Files\AVSMedia
2010-04-23 16:00:45 ----A---- C:\Windows\system32\msxml3a.dll
2010-04-23 16:00:45 ----A---- C:\Windows\system32\msvcr70.dll
2010-04-23 16:00:45 ----A---- C:\Windows\system32\msvcp70.dll
2010-04-23 16:00:45 ----A---- C:\Windows\system32\mpg4c32.dll
2010-04-23 16:00:45 ----A---- C:\Windows\system32\mfc70.dll
2010-04-23 16:00:45 ----A---- C:\Windows\system32\mcdvd_32.dll
2010-04-23 16:00:44 ----D---- C:\Program Files\AVS4YOU
2010-04-22 14:48:17 ----D---- C:\ZANETA
2010-04-20 20:11:32 ----D---- C:\ProgramData\SweetIM
2010-04-20 20:11:32 ----D---- C:\Program Files\SweetIM

======List of files/folders modified in the last 1 months======

2010-05-01 13:14:21 ----RD---- C:\Program Files
2010-05-01 13:14:21 ----D---- C:\Windows\Temp
2010-05-01 13:14:21 ----D---- C:\Windows\Prefetch
2010-05-01 13:14:20 ----D---- C:\ProgramData\SKL
2010-05-01 13:14:19 ----D---- C:\Programme
2010-05-01 13:14:19 ----D---- C:\ProgramData\AL
2010-05-01 13:10:32 ----SHD---- C:\$Recycle.Bin
2010-05-01 13:10:15 ----RD---- C:\Users
2010-05-01 13:07:11 ----D---- C:\Windows\System32
2010-05-01 13:07:11 ----D---- C:\Windows\inf
2010-05-01 13:07:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-01 12:13:30 ----D---- C:\ProgramData\Spyware Terminator
2010-05-01 12:13:30 ----D---- C:\Program Files\Spyware Terminator
2010-05-01 05:34:20 ----D---- C:\Users\David\AppData\Roaming\4shared Desktop
2010-05-01 00:00:11 ----SHD---- C:\System Volume Information
2010-04-24 10:41:59 ----D---- C:\1
2010-04-24 10:39:01 ----D---- C:\Windows\system32\Tasks
2010-04-24 10:31:17 ----SHD---- C:\Windows\Installer
2010-04-24 09:44:44 ----D---- C:\Windows\winsxs
2010-04-24 09:10:35 ----D---- C:\6
2010-04-24 09:06:51 ----D---- C:\Windows\system32\drivers
2010-04-23 16:01:00 ----HD---- C:\ProgramData
2010-04-23 16:00:48 ----RSD---- C:\Windows\Fonts
2010-04-23 16:00:45 ----D---- C:\Windows
2010-04-23 16:00:45 ----D---- C:\Program Files\Common Files
2010-04-22 21:55:34 ----D---- C:\Users\David\AppData\Roaming\Skype
2010-04-09 19:14:38 ----D---- C:\Program Files\JDownloader
2010-04-03 21:09:26 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-04-05 350720]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:\Windows\System32\drivers\aspi32.sys [2009-10-11 16512]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-12 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-12 25888]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-12-21 90688]
R2 SentinelFilter;SentinelFilter; \??\C:\Program Files\JDownloader\downloads\SURFCAM\SURFCAM\crack\SENTINELFILTER.SYS [2006-11-10 256256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-25 7468544]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 SAgentDriver;SAgent Driver; \??\C:\Program Files\SoftActivity\SKL\sagendrv.sys [2009-01-07 31088]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-01-13 49160]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-04-05 83328]
S3 alc9husw;alc9husw; C:\Windows\system32\drivers\alc9husw.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-04-05 5632]
S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2008-02-27 28160]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-04-05 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-04-05 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-04-05 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-04-05 6016]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-02-03 490784]
S3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys [2008-05-15 56320]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys [2008-10-31 22432]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 systormflb;REVOLTEC FightBoard Advanced; C:\Windows\system32\DRIVERS\systormflb.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-01-13 31240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-01-13 14728]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-04-05 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-04-05 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-04-05 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-04-05 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-04-05 21504]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-25 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-06 66872]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe [2009-12-22 49792]
R2 Salsvc;Salsvc; C:\Program Files\SoftActivity\SKL\alsvc.exe [2009-02-17 38768]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-04-05 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-04-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-04-05 523776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-04-05 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-04-05 917504]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RSIT scan, please check

#3 Post by motji »

Good afternoon :)

Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before use, disable all resident security programs - antivirus, firewalls, antispyware

- After starting, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears

- After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I am mostly available at night, between 9 and 11 pm
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

85.david
Visitor
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#4 Post by 85.david »

Good day

85.david
Visitor
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#5 Post by 85.david »

ComboFix 10-04-30.03 - virus 01.05.2010 13:43:57.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.3070.1959 [GMT 2:00]
Spuštěný z: c:\users\virus\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 100331-2] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 100331-2] *disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rlls.dll.vir
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
C:\test.txt
c:\users\David\AppData\Local\agedawdyq
c:\users\David\AppData\Local\agedawdyq\peirfbltssd.exe
c:\windows\localsys64.exe
c:\windows\system32\64dlls.exe
c:\windows\system32\intel64.exe
c:\windows\system32\ntos.exe
c:\windows\system32\oembios.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\Startup.exe
c:\windows\system32\swin32.exe
c:\windows\system32\twex.exe
c:\windows\system32\twext.exe
c:\windows\system32\wsnpoema.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-01 do 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 11:48 . 2010-05-01 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-01 11:48 . 2010-05-01 11:48 -------- d-----w- c:\users\David\AppData\Local\temp
2010-05-01 11:48 . 2010-05-01 11:50 -------- d-----w- c:\users\virus\AppData\Local\temp
2010-05-01 11:14 . 2010-05-01 11:14 -------- d-----w- C:\rsit
2010-05-01 11:14 . 2010-05-01 11:14 -------- d-----w- c:\program files\trend micro
2010-05-01 11:11 . 2010-05-01 11:11 -------- d-----w- c:\users\virus\AppData\Local\Mozilla
2010-05-01 10:12 . 2010-05-01 10:13 5632 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-05-01 10:12 . 2010-05-01 10:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-05-01 10:12 . 2010-05-01 10:13 133120 ----a-w- c:\programdata\Spyware Terminator\sp_rsdrv2.sys
2010-04-28 02:35 . 2010-04-28 02:35 -------- d-----w- C:\audiograbber
2010-04-24 09:12 . 2007-04-12 12:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2010-04-24 09:12 . 2006-09-26 11:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2010-04-24 09:12 . 2010-04-24 09:12 -------- d-----w- c:\program files\Ultra MKV Converter
2010-04-24 09:03 . 2010-04-24 09:03 -------- d-----w- c:\program files\mkvtoavi
2010-04-24 08:42 . 2010-04-24 08:44 -------- d-----w- C:\My video
2010-04-24 08:33 . 2010-04-24 08:35 -------- d-----w- c:\program files\A-one Video Convertor
2010-04-24 08:26 . 2010-04-24 10:00 -------- d-----w- C:\OutputFolder
2010-04-24 08:20 . 2010-04-24 08:20 -------- d-----w- c:\users\David\AppData\Roaming\GetRightToGo
2010-04-24 07:45 . 2010-04-24 07:45 -------- d-----w- c:\users\David\.dvdcss
2010-04-24 07:44 . 2010-04-24 08:31 -------- d-----w- c:\users\David\AppData\Roaming\Leawo
2010-04-24 07:44 . 2010-04-24 08:31 -------- d-----w- c:\program files\Leawo
2010-04-24 07:10 . 2010-04-24 07:10 -------- d-----w- c:\users\David\AppData\Roaming\dvdcss
2010-04-24 07:06 . 2009-10-11 13:58 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-04-24 07:06 . 2009-10-11 13:58 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\program files\3herosoft
2010-04-24 07:04 . 2010-04-24 07:04 -------- d-----w- c:\program files\Convert DVD to AVI
2010-04-23 14:11 . 2010-04-23 14:11 -------- d-----w- c:\program files\Webteh
2010-04-23 14:01 . 2010-04-23 14:01 -------- d-----w- c:\programdata\AVS4YOU
2010-04-23 14:00 . 2010-04-24 08:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-23 14:00 . 2008-11-24 10:00 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-04-23 14:00 . 2008-11-24 10:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-04-23 14:00 . 2008-11-24 10:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-04-23 14:00 . 2008-11-24 10:00 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-23 14:00 . 2008-11-24 10:00 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-04-23 14:00 . 2008-11-24 10:00 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-04-23 14:00 . 2010-04-24 08:27 -------- d-----w- c:\program files\AVS4YOU
2010-04-22 12:48 . 2010-04-26 02:28 -------- d-----w- C:\ZANETA
2010-04-20 18:11 . 2010-04-20 18:11 -------- d-----w- c:\program files\SweetIM
2010-04-20 18:11 . 2010-04-20 18:11 -------- d-----w- c:\programdata\SweetIM
2010-04-20 17:44 . 2010-04-20 17:49 1925088 ----a-w- c:\users\David\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 11:51 . 2009-11-04 16:14 -------- d-----w- c:\programdata\AL
2010-05-01 11:50 . 2009-11-04 16:14 -------- d-----w- c:\programdata\SKL
2010-05-01 11:43 . 2007-01-08 21:15 607346 ----a-w- c:\windows\system32\perfh005.dat
2010-05-01 11:43 . 2007-01-08 21:15 119760 ----a-w- c:\windows\system32\perfc005.dat
2010-05-01 11:10 . 2010-05-01 11:10 48992 ----a-w- c:\users\virus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-01 10:13 . 2008-11-10 16:29 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-01 10:13 . 2008-11-10 16:29 -------- d-----w- c:\program files\Spyware Terminator
2010-05-01 03:34 . 2010-01-25 19:36 -------- d-----w- c:\users\David\AppData\Roaming\4shared Desktop
2010-04-24 21:51 . 2008-11-10 15:56 48992 ----a-w- c:\users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-22 19:55 . 2008-12-21 11:24 -------- d-----w- c:\users\David\AppData\Roaming\Skype
2010-04-09 17:14 . 2009-12-30 08:28 -------- d-----w- c:\program files\JDownloader
2010-03-06 07:08 . 2010-03-06 07:08 -------- d-----w- c:\program files\SafeNet Sentinel
2010-03-06 07:08 . 2010-03-06 07:08 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-03-06 07:07 . 2010-03-06 07:04 -------- d-----w- c:\program files\Common Files\Solidworks Shared
2010-03-06 07:01 . 2008-11-10 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2007-09-10 09:22 . 2010-03-06 07:05 3200960 ----a-w- c:\program files\Common Files\vcredist_x64.exe
2007-09-10 09:22 . 2010-03-06 07:05 2723264 ----a-w- c:\program files\Common Files\vcredist_x86.exe
2008-04-05 17:20 . 2008-04-05 16:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\4shared.com\tb4sha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 05:47 1784856 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-09-15 1784856]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-05 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-04-05 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-05 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"FightBoard"="c:\program files\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe" [2006-11-26 2441216]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-03-17 106496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-10 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-02-27 28160]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2008-05-15 56320]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
R3 systormflb;REVOLTEC FightBoard Advanced;c:\windows\system32\DRIVERS\systormflb.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-29 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S2 Salsvc;Salsvc;c:\program files\SoftActivity\SKL\alsvc.exe [2009-02-17 38768]
S2 SentinelFilter;SentinelFilter;c:\program files\JDownloader\downloads\SURFCAM\SURFCAM\crack\SENTINELFILTER.SYS [2006-11-10 256256]
S3 SAgentDriver;SAgent Driver;c:\program files\SoftActivity\SKL\sagendrv.sys [2009-01-07 31088]

.
Obsah adresáře 'Naplánované úlohy'

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493184601-2494964019-3008129617-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 16:28]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493184601-2494964019-3008129617-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 16:28]

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{AD178CE2-18A5-4B81-9E5B-050DC52D39CE}.job
- c:\windows\system32\msfeedssync.exe [2008-04-05 17:15]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://home.sweetim.com
FF - ProfilePath - c:\users\virus\AppData\Roaming\Mozilla\Firefox\Profiles\f2wdeegz.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\TorrentMan\tbTorr.dll
Toolbar-{7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\TorrentMan\tbTorr.dll
HKLM-Run-WinSys2 - c:\windows\system32\startup.exe
AddRemove-4StoryCZ_is1 - c:\program files\Gameforge4D\4Story\unins000.exe
AddRemove-Brothers in Arms - Hell's Highway - c:\program files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe
AddRemove-Euro Truck Simulator - c:\program files\Euro Truck Simulator\Uninstal_EuroTruckSimulator.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-TorrentMan Toolbar - c:\progra~1\TORREN~1\UNWISE.EXE
AddRemove-{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1 - c:\program files\505games\1C\Men of War\unins000.exe
AddRemove-{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1 - c:\program files\505games\1C\Cryostasis\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
AddRemove-{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1 - c:\gtr2\Support\unins000.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(11872)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\SoftActivity\SKL\alsys.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2010-05-01 13:59:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-01 11:58

Před spuštěním: Volných bajtů: 100 856 537 088
Po spuštění: Volných bajtů: 101 427 511 296

- - End Of File - - CF75DA2EC4E92358DD5936ABAF919772

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RSIT scan, please check

#6 Post by motji »

:arrow: Have these files tested at http://www.virustotal.com

c:\program files\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe
c:\program files\4shared.com\tb4sha.dll
c:\program files\Common Files\vcredist_x64.exe

- On VirusTotal click Browse, paste the path to the file directly into the lower box and click Send
- copy the address of the results page from your browser
- if it asks you, have the file tested again, so that it is the file from your computer



:arrow: Download GMER http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- the scan will run; when it finishes, a window with the results opens. Click Save to save the log, then post it here.

- Following the instructions in the link, run a second scan and post that log here as well.



:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
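A small triage pass, added here as an example and not a tool from this forum, from ComboFix or from GMER: it parses ComboFix service and driver lines like the ones in the log above and picks out the entries a helper would ask to have checked on VirusTotal. The sample lines are constructed from this thread's log, and the flagging rules (image file missing, start from a downloads/crack/temp folder, kernel driver outside the Windows directory) are assumptions made for the example, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One ComboFix service/driver line looks like:
#   <start type> <service name>;<display name>;<image path> [<YYYY-MM-DD> <size>]
# where <start type> is R0-R3 (running) or S0-S4 (stopped) and the bracket holds
# "x" when ComboFix could not find the image file on disk.
LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Folders a service or kernel driver is not normally started from (assumed rule set
# for this example; "\crack\" and "\downloads\" come straight from the log above).
UNUSUAL_DIRS = ("\\downloads\\", "\\crack\\", "\\temp\\", "\\desktop\\")

# Constructed sample: service lines in ComboFix's format, taken from this thread's
# log (one long path shortened).
SAMPLE_LOG = r"""
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-29 717296]
S1 aswSP;avast! Self Protection; [x]
S2 Salsvc;Salsvc;c:\program files\SoftActivity\SKL\alsvc.exe [2009-02-17 38768]
S2 SentinelFilter;SentinelFilter;c:\program files\JDownloader\downloads\SURFCAM\crack\SENTINELFILTER.SYS [2006-11-10 256256]
"""


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_missing: bool
    file_date: Optional[str] = None
    file_size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    entry = ServiceEntry(
        start=m.group("start"),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_missing=(info == "x"),
    )
    if not entry.file_missing:
        parts = info.split()
        if len(parts) == 2 and parts[1].isdigit():
            entry.file_date, entry.file_size = parts[0], int(parts[1])
    return entry


def parse_log(text: str) -> List[ServiceEntry]:
    """Parse every service line in a ComboFix log, skipping all other lines."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def triage(entry: ServiceEntry) -> List[str]:
    """Attach review flags to an entry and return them (empty list = nothing to ask about)."""
    low = entry.path.lower()
    if entry.file_missing:
        # Registration survives but the binary is gone: leftover of an uninstall, or hidden.
        entry.flags.append("file-missing")
    if any(d in low for d in UNUSUAL_DIRS):
        entry.flags.append("unusual-location")
    if low.endswith(".sys") and "\\windows\\" not in low:
        # Kernel code loaded from an application folder deserves a look even when it is
        # a vendor tool; the flag is a prompt for review, not a verdict.
        entry.flags.append("driver-outside-windows")
    return entry.flags


def review(text: str) -> List[ServiceEntry]:
    """Return the entries a helper would ask the poster to submit to VirusTotal."""
    return [e for e in parse_log(text) if triage(e)]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.start} {e.name:<16} {', '.join(e.flags):<40} {e.path or '(no path)'}")
```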

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RSIT scan, please check

#7 Post by motji »

How are things here? :)

85.david
Visitor
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#8 Post by 85.david »

Sorry, I somehow haven't had time. :)

85.david
Visitor
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#9 Post by 85.david »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 18:43:56
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\David\AppData\Local\Temp\pglcapod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 8692ABF8
INT 0x51 ? 8692ABF8
INT 0x51 ? 8692ABF8
INT 0x51 ? 8692ABF8
INT 0x51 ? 87B75F00
INT 0x51 ? 87B75F00
INT 0x51 ? 8692ABF8
INT 0x82 ? 87B75F00
INT 0x92 ? 87B75F00
INT 0xA2 ? 87B75F00
INT 0xB2 ? 86929BF8
INT 0xB2 ? 87B75F00
INT 0xB2 ? 86929BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\speb.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC02340, 0x3DB457, 0xE8000020]
.text USBPORT.SYS!DllUnload 82B9346F 5 Bytes JMP 87B754E0
.text am9xfe4g.SYS 8298F000 22 Bytes [26, 22, C1, 81, 10, 21, C1, ...]
.text am9xfe4g.SYS 8298F017 78 Bytes [00, 32, 87, 79, 80, 3D, 85, ...]
.text am9xfe4g.SYS 8298F066 6 Bytes [C4, 81, F8, 4B, C9, 81] {LES EAX, DWORD [ECX-0x7e36b408]}
.text am9xfe4g.SYS 8298F06D 51 Bytes [1C, C9, 81, 58, 19, CF, 81, ...]
.text am9xfe4g.SYS 8298F0A1 43 Bytes [37, CF, 81, 38, 34, C9, 81, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1E07300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1E4A300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ICQ6.5\ICQ.exe[5036] kernel32.dll!LoadLibraryExW 76B730C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] kernel32.dll!ReadFile 76B903F8 6 Bytes JMP 5F160F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] kernel32.dll!GetFileSize 76B98BA6 6 Bytes JMP 5F190F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] kernel32.dll!CloseHandle 76B9CC05 6 Bytes JMP 5F130F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] kernel32.dll!CreateFileW 76B9CC4E 6 Bytes JMP 5F100F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] USER32.dll!SetParent 76C8DDC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] USER32.dll!SetParent + 4 76C8DDC4 2 Bytes [1D, 5F]
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] USER32.dll!CreateWindowExW 76C93D67 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] USER32.dll!DispatchMessageW 76CA0051 6 Bytes JMP 5F040F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5036] ole32.dll!CoCreateInstance 76E9E188 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[29464] ntdll.dll!LdrLoadDll 77697933 5 Bytes JMP 013713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068F6D2] \SystemRoot\System32\Drivers\speb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068F040] \SystemRoot\System32\Drivers\speb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068F7FC] \SystemRoot\System32\Drivers\speb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068F0BE] \SystemRoot\System32\Drivers\speb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068F13C] \SystemRoot\System32\Drivers\speb.sys
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [829B4FBC] \SystemRoot\System32\Drivers\am9xfe4g.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortReadPortUshort] 9B4FC8A1
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A82
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\am9xfe4g.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[696] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[696] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741F7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742398C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741FD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741EF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741F7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741EE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7422B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741FD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741F012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741F0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741E71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7427D810] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742175E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741EDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741E668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741E66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741F1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03B32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03B32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03B32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03B32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[2184] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[2184] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[2184] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[2184] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C82EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01C82C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C82C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C82C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [014D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [014D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [014D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [014D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00232EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00232C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00232C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00232C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ICQ6.5\ICQ.exe[5036] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01DC2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ICQ6.5\ICQ.exe[5036] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01DC2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ICQ6.5\ICQ.exe[5036] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01DC2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ICQ6.5\ICQ.exe[5036] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01DC2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[8172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[8172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[8172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[8172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[29464] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[29464] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[29464] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[29464] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\Ultra MKV Converter.exe[29640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\Ultra MKV Converter.exe[29640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [016B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\Ultra MKV Converter.exe[29640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\Ultra MKV Converter.exe[29640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\javaw.exe[30392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00122EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\javaw.exe[30392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00122C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\javaw.exe[30392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00122C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\javaw.exe[30392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00122C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\SALAMAND.EXE[30684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\SALAMAND.EXE[30684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\SALAMAND.EXE[30684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\SALAMAND.EXE[30684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\avm.exe[31252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\avm.exe[31252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00382C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\avm.exe[31252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Ultra MKV Converter\avm.exe[31252] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\gmer\gmer.exe[31512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\gmer\gmer.exe[31512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\gmer\gmer.exe[31512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\David\Desktop\gmer\gmer.exe[31512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmplayer.exe[32544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmplayer.exe[32544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmplayer.exe[32544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmplayer.exe[32544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 869301F8
Device \FileSystem\fastfat \FatCdrom 86CDA500
Device \Driver\volmgr \Device\VolMgrControl 8692C1F8
Device \Driver\usbuhci \Device\USBPDO-0 87E131F8
Device \Driver\usbuhci \Device\USBPDO-1 87E131F8
Device \Driver\PCI_PNP2139 \Device\00000052 speb.sys
Device \Driver\usbuhci \Device\USBPDO-2 87E131F8
Device \Driver\usbehci \Device\USBPDO-3 87E1C1F8
Device \Driver\usbuhci \Device\USBPDO-4 87E131F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 87E131F8
Device \Driver\usbuhci \Device\USBPDO-6 87E131F8
Device \Driver\volmgr \Device\HarddiskVolume1 8692C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 87E1C1F8
Device \Driver\USBSTOR \Device\00000071 87F35500
Device \Driver\USBSTOR \Device\00000071 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\cdrom \Device\CdRom0 87A2D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8692C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000072 87F35500
Device \Driver\USBSTOR \Device\00000072 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\sptd \Device\1349558150 speb.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8692E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8692E1F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8692E1F8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8692E1F8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8692E1F8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8692E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\volmgr \Device\HarddiskVolume3 8692C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 87A2D1F8
Device \Driver\USBSTOR \Device\00000073 87F35500
Device \Driver\USBSTOR \Device\00000073 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\volmgr \Device\HarddiskVolume4 8692C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000074 87F35500
Device \Driver\USBSTOR \Device\00000074 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\volmgr \Device\HarddiskVolume5 8692C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000075 87F35500
Device \Driver\USBSTOR \Device\00000075 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\netbt \Device\NetBt_Wins_Export 8886C1F8
Device \Driver\Smb \Device\NetbiosSmb 8885B1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{38B166C0-E637-4FE1-BD85-18BF26C4A103} 8886C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 87E211F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 87E131F8
Device \Driver\usbuhci \Device\USBFDO-1 87E131F8
Device \Driver\usbuhci \Device\USBFDO-2 87E131F8
Device \Driver\usbehci \Device\USBFDO-3 87E1C1F8
Device \Driver\usbuhci \Device\USBFDO-4 87E131F8
Device \Driver\usbuhci \Device\USBFDO-5 87E131F8
Device \Driver\usbuhci \Device\USBFDO-6 87E131F8
Device \Driver\usbehci \Device\USBFDO-7 87E1C1F8
Device \Driver\am9xfe4g \Device\Scsi\am9xfe4g1 87E0E1F8
Device \Driver\am9xfe4g \Device\Scsi\am9xfe4g1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1 8692F1F8
Device \Driver\am9xfe4g \Device\Scsi\am9xfe4g1Port6Path0Target0Lun0 87E0E1F8
Device \Driver\am9xfe4g \Device\Scsi\am9xfe4g1Port6Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\fastfat \Fat 86CDA500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

Device \FileSystem\cdfs \Cdfs 89256500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x58 0x8E 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x79 0x87 0x5C 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0xCC 0x52 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4C 0x96 0xFF 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x06 0x90 0xCD 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x58 0x8E 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x79 0x87 0x5C 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0xCC 0x52 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4C 0x96 0xFF 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x06 0x90 0xCD 0x42 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0092A.log 131072 bytes

---- EOF - GMER 1.0.15 ----

85.david
Guest
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#10 Post by 85.david »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-03 18:44:45
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\David\AppData\Local\Temp\pglcapod.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 869301F8
Device \FileSystem\fastfat \Fat 86CDA500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

85.david
Guest
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#11 Post by 85.david »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4062

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3.5.2010 18:53:16
mbam-log-2010-05-03 (18-53-16).txt

Typ skenu: Rychlý sken
Skenované objekty: 128171
Uplynulý čas: 3 minuta(y), 50 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ajpaggws (Rogue.AntivirusSuite.Gen) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Infikované soubory:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.

85.david
Guest
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#12 Post by 85.david »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4062

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3.5.2010 19:44:25
123

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 273396
Uplynulý čas: 48 minuta(y), 41 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ajpaggws (Rogue.AntivirusSuite.Gen) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Infikované soubory:
C:\1\CoD4\CoD4\cod4.crac.keygen.by.steven\cod4.crac.keygen.by.steven\keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RSIT scan, please check

#13 Post by motji »

Delete what mbam found.
How is the computer doing?
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before disinfecting your computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(zavináč)forum.viry.cz.

85.david
Guest
Posts: 14
Registered: 01 May 2010 11:32

Re: RSIT scan, please check

#14 Post by 85.david »

The computer is fine, but I had to restart, so when I delete it now, should I run the scan again?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: RSIT scan, please check

#15 Post by motji »

Unfortunately, a new scan.
Then I'd ask for a log from RSIT :)
