Major internet slowdown

Posted: 04 Jun 2012 20:33
by lolo999
Hello, a few days ago my internet got completely stuck: an insane slowdown of web pages plus almost no download speed, and loading some pages takes several minutes. I'm posting the log from RSIT here (please bear with me in advance, I'm a PC noob).

Logfile of random's system information tool 1.09 (written by random/random)
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 27 GB (17%) free of 154 GB
Total RAM: 3066 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:19, on 4.6.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Advance System Care Pro\Advanced SystemCare 3\AWC.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Flamen\Searches\Downloads\RSIT.exe
C:\Program Files\trend micro\Flamen.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... nsa_5635zg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... nsa_5635zg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... nsa_5635zg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: d:\advance system care pro\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: d:\advance system care pro\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: d:\advance system care pro\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: d:\advance system care pro\advanced systemcare 3\spictrl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Dragon age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6799 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Flamen\AppData\Roaming\Mozilla\Firefox\Profiles\pp7ko4vw.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Webzen.com/NPBrowserExt]
"Description"=WEBZEN Browser Extension Interface
"Path"=C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Users\Flamen\Desktop\Nová složka\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-05 1434920]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-03-05 805384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.DIVX"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-04 21:19:40 ----D---- C:\Program Files\trend micro
2012-06-04 21:19:39 ----D---- C:\rsit
2012-06-04 20:58:54 ----D---- C:\Program Files\WinUtilities
2012-06-04 20:58:54 ----A---- C:\Windows\system32\wbhelp2.dll
2012-06-04 20:58:54 ----A---- C:\Windows\system32\W95INF32.DLL
2012-06-04 20:58:54 ----A---- C:\Windows\system32\W95INF16.DLL
2012-06-04 20:58:54 ----A---- C:\Windows\system32\unicows.dll
2012-06-04 20:58:54 ----A---- C:\Windows\system32\gdiplus.dll
2012-06-04 20:58:54 ----A---- C:\Windows\system32\anim.dll
2012-06-04 20:23:46 ----D---- C:\Program Files\Advanced Fix 2012
2012-06-04 16:10:41 ----RASH---- C:\MSDOS.SYS
2012-06-04 16:10:41 ----RASH---- C:\IO.SYS
2012-06-04 14:20:02 ----D---- C:\Windows\temp
2012-06-04 13:14:11 ----A---- C:\ComboFix.txt
2012-06-04 13:05:20 ----D---- C:\ComboFix
2012-06-04 13:05:17 ----D---- C:\Qoobox
2012-06-03 15:58:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-06-02 18:30:53 ----D---- C:\ProgramData\PMB Files
2012-06-02 18:30:45 ----D---- C:\Program Files\Pando Networks
2012-05-31 21:52:33 ----D---- C:\Program Files\GUM4910.tmp
2012-05-31 21:52:33 ----A---- C:\Program Files\GUT4911.tmp
2012-05-31 21:46:20 ----D---- C:\Program Files\AVAST Software
2012-05-30 03:58:16 ----ASH---- C:\hiberfil.sys
2012-05-29 21:11:36 ----A---- C:\Windows\ntbtlog.txt
2012-05-28 19:17:23 ----D---- C:\ProgramData\DVD Shrink
2012-05-14 00:01:34 ----A---- C:\Windows\AviSplitter.INI
2012-05-11 13:07:57 ----D---- C:\ProgramData\WindowsSearch
2012-05-11 05:35:46 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-11 05:35:44 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-11 05:35:35 ----A---- C:\Windows\system32\DWrite.dll
2012-05-11 05:35:35 ----A---- C:\Windows\system32\d3d10warp.dll
2012-05-11 05:35:35 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-05-11 05:35:35 ----A---- C:\Windows\system32\d3d10_1.dll
2012-05-11 05:35:35 ----A---- C:\Windows\system32\d2d1.dll
2012-05-11 05:35:31 ----A---- C:\Windows\system32\win32k.sys
2012-05-11 05:35:31 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-11 05:35:31 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-05-08 17:07:26 ----D---- C:\Users\Flamen\AppData\Roaming\Ashampoo
2012-05-08 17:07:18 ----D---- C:\ProgramData\ashampoo

======List of files/folders modified in the last 1 month======

2012-06-04 21:19:40 ----RD---- C:\Program Files
2012-06-04 21:16:06 ----D---- C:\Windows\system32\config
2012-06-04 20:58:59 ----D---- C:\Windows\System32
2012-06-04 20:31:11 ----D---- C:\ACER
2012-06-04 19:42:16 ----D---- C:\Users\Flamen\AppData\Roaming\uTorrent
2012-06-04 16:51:53 ----D---- C:\Windows\inf
2012-06-04 16:51:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-04 16:50:35 ----D---- C:\Users\Flamen\AppData\Roaming\DAEMON Tools Lite
2012-06-04 14:28:30 ----D---- C:\Windows\winsxs
2012-06-04 14:28:29 ----D---- C:\Windows\system32\catroot
2012-06-04 14:28:13 ----SHD---- C:\System Volume Information
2012-06-04 14:24:32 ----D---- C:\Windows\system32\catroot2
2012-06-04 14:20:02 ----D---- C:\Windows
2012-06-04 14:20:00 ----D---- C:\Windows\system32\Msdtc
2012-06-04 14:19:58 ----D---- C:\Windows\system32\wbem
2012-06-04 14:19:07 ----D---- C:\Windows\Tasks
2012-06-04 14:19:07 ----D---- C:\Windows\system32\spool
2012-06-04 14:19:07 ----D---- C:\Windows\system32\drivers\etc
2012-06-04 14:19:07 ----D---- C:\Windows\system32\cs-CZ
2012-06-04 14:19:07 ----D---- C:\Users\Flamen\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2012-06-04 14:19:06 ----SHD---- C:\$Recycle.Bin
2012-06-04 14:19:06 ----D---- C:\Windows\registration
2012-06-04 14:10:19 ----D---- C:\Windows\Logs
2012-06-04 13:09:38 ----D---- C:\Windows\system32\drivers
2012-06-04 13:09:38 ----D---- C:\Windows\AppPatch
2012-06-04 13:09:37 ----D---- C:\Program Files\Common Files
2012-06-04 13:05:31 ----D---- C:\Windows\Prefetch
2012-06-03 15:58:11 ----HD---- C:\ProgramData
2012-06-01 14:47:43 ----D---- C:\ProgramData\AVAST Software
2012-06-01 14:36:41 ----SHD---- C:\Windows\Installer
2012-06-01 07:52:07 ----D---- C:\Program Files\Google
2012-06-01 00:06:36 ----D---- C:\Users\Flamen\AppData\Roaming\Skype
2012-05-31 22:08:23 ----SD---- C:\Users\Flamen\AppData\Roaming\Microsoft
2012-05-31 21:47:16 ----D---- C:\Windows\system32\Tasks
2012-05-29 20:59:38 ----D---- C:\Users\Flamen\AppData\Roaming\IObit
2012-05-29 15:09:17 ----D---- C:\Users\Flamen\AppData\Roaming\Media Player Classic
2012-05-24 05:49:25 ----D---- C:\Program Files\uTorrent
2012-05-23 22:09:52 ----D---- C:\Windows\Debug
2012-05-23 22:08:06 ----D---- C:\Users\Flamen\AppData\Roaming\GHISLER
2012-05-23 22:06:06 ----D---- C:\Program Files\CCleaner
2012-05-12 18:14:38 ----RSD---- C:\Windows\assembly
2012-05-12 18:14:38 ----D---- C:\Windows\Microsoft.NET
2012-05-12 06:06:00 ----D---- C:\Program Files\Windows Journal
2012-05-12 06:02:54 ----A---- C:\Windows\system32\mrt.exe
2012-05-11 23:42:33 ----D---- C:\Windows\system32\XPSViewer
2012-05-09 20:59:56 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-11 329752]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-01 473656]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-03-17 452096]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 242240]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-07 50176]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-28 9791552]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-05 205360]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 acngnita;acngnita; C:\Windows\system32\drivers\acngnita.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-23 4232704]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 211488]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-11-24 3976584]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

Re: Major internet slowdown

Posted: 04 Jun 2012 20:53
by Rudy
Greetings!
Posting an RSIT log after a ComboFix scan is sheer nonsense, because CF removes all possible traces of viruses. Post the ComboFix log. You will find it in c:\combofix.txt.

Re: Major internet slowdown

Posted: 04 Jun 2012 20:56
by lolo999
Log from Combo (I hope this is right)

.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-04 do 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 11:11 . 2012-06-04 11:11 -------- d-----w- c:\users\Flamen\AppData\Local\temp
2012-06-04 11:11 . 2012-06-04 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 13:58 . 2012-06-03 14:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-02 16:30 . 2012-06-02 16:30 -------- d-----w- c:\program files\Pando Networks
2012-05-31 21:57 . 2012-05-31 21:57 0 ---ha-w- c:\users\Flamen\AppData\Local\BITD3E4.tmp
2012-05-31 19:52 . 2012-05-31 19:52 3993600 ----a-w- c:\program files\GUT4911.tmp
2012-05-31 19:52 . 2012-05-31 19:52 -------- d-----w- c:\program files\GUM4910.tmp
2012-05-31 19:46 . 2012-06-01 12:36 -------- d-----w- c:\program files\AVAST Software
2012-05-28 17:17 . 2012-05-28 17:24 -------- d-----w- c:\programdata\DVD Shrink
2012-05-23 17:24 . 2012-05-23 17:24 -------- d-----w- c:\users\Flamen\AppData\Local\CRE
2012-05-11 11:07 . 2012-05-11 11:07 -------- d-----w- c:\programdata\WindowsSearch
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\users\Flamen\AppData\Roaming\Ashampoo
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\users\Flamen\AppData\Local\ashampoo
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\programdata\ashampoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 12:21 . 2012-04-15 12:21 673707 ----a-w- c:\windows\unins000.exe
2012-04-01 16:21 . 2012-04-01 16:21 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-16 20:56 . 2012-03-16 20:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 20:56 . 2012-03-16 20:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 20:56 . 2012-03-16 20:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 20:56 . 2012-03-16 20:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 20:56 . 2012-03-16 20:56 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 20:55 . 2012-03-16 20:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 20:55 . 2012-03-16 20:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 20:55 . 2012-03-16 20:55 367104 ----a-w- c:\windows\system32\html.iec
2012-03-16 20:55 . 2012-03-16 20:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 20:55 . 2012-03-16 20:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 20:55 . 2012-03-16 20:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 20:55 . 2012-03-16 20:55 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 20:55 . 2012-03-16 20:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 20:55 . 2012-03-16 20:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 20:55 . 2012-03-16 20:55 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 20:55 . 2012-03-16 20:55 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 20:55 . 2012-03-16 20:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 20:55 . 2012-03-16 20:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-16 20:55 . 2012-03-16 20:55 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-16 20:55 . 2012-03-16 20:55 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-16 20:55 . 2012-03-16 20:55 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-16 20:55 . 2012-03-16 20:55 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-16 20:55 . 2012-03-16 20:55 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-16 20:55 . 2012-03-16 20:55 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-16 20:55 . 2012-03-16 20:55 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-16 20:55 . 2012-03-16 20:55 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-16 20:55 . 2012-03-16 20:55 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-16 20:55 . 2012-03-16 20:55 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-16 20:55 . 2012-03-16 20:55 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-16 20:55 . 2012-03-16 20:55 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-16 20:55 . 2012-03-16 20:55 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-16 20:55 . 2012-03-16 20:55 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-16 20:55 . 2012-03-16 20:55 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-16 20:55 . 2012-03-16 20:55 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-16 20:55 . 2012-03-16 20:55 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-16 20:55 . 2012-03-16 20:55 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-16 20:55 . 2012-03-16 20:55 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-16 20:55 . 2012-03-16 20:55 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2012-03-16 20:55 . 2012-03-16 20:55 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-16 20:55 . 2012-03-16 20:55 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-16 20:55 . 2012-03-16 20:55 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-16 20:55 . 2012-03-16 20:55 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-16 20:55 . 2012-03-16 20:55 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-16 20:55 . 2012-03-16 20:55 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-16 20:55 . 2012-03-16 20:55 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-11 21:54 . 2012-03-11 21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 21:49 . 2012-03-11 21:49 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\UC.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\RAR.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\LHA.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\ARJ.PIF
2012-05-03 15:50 . 2012-03-11 21:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-04 c:\windows\Tasks\AWC Startup.job
- d:\advance system care pro\Advanced SystemCare 3\AWC.exe [2011-12-15 20:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0312&m=extensa_5635zg
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: d:\advance system care pro\Advanced SystemCare 3\SPICtrl.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Flamen\AppData\Roaming\Mozilla\Firefox\Profiles\pp7ko4vw.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 13:11
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Celkový čas: 2012-06-04 13:14:11
ComboFix-quarantined-files.txt 2012-06-04 11:14
.
Před spuštěním: Volných bajtů: 32 881 213 440
Po spuštění: Volných bajtů: 32 605 540 352
.
- - End Of File - - 6B44D27F3F3BF94B484E3D7CDA8BA697

Re: Major internet slowdown

Posted: 04 Jun 2012 21:03
by Rudy
Log from Combo (I hope this is right)
Except that it is missing the header. That is important too. :)

If it isn't there already, move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\program files\GUT4911.tmp
c:\program files\GUM4910.tmp

Firefox::
FF - ProfilePath - c:\users\Flamen\AppData\Roaming\Mozilla\Firefox\Profiles\pp7ko4vw.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: Major internet slowdown

Posted: 04 Jun 2012 21:35
by lolo999
ComboFix 12-06-04.02 - Flamen 04.06.2012 22:18:54.1.2 - x86
Spuštěný z: c:\users\Flamen\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Flamen\Desktop\CFScript.txt.txt
.
file zipped: c:\program files\GUT4911.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GUT4911.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-04 do 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 19:19 . 2012-06-04 19:20 -------- d-----w- c:\program files\trend micro
2012-06-04 19:19 . 2012-06-04 19:20 -------- d-----w- C:\rsit
2012-06-04 18:58 . 2012-06-04 19:12 -------- d-----w- c:\program files\WinUtilities
2012-06-04 18:58 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-06-04 18:58 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-06-04 18:58 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2012-06-04 18:58 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2012-06-04 18:58 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-04 18:58 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-06-04 18:58 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-06-04 18:23 . 2012-06-04 18:41 -------- d-----w- c:\program files\Advanced Fix 2012
2012-06-03 13:58 . 2012-06-04 12:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-02 16:30 . 2012-06-04 12:19 -------- d-----w- c:\programdata\PMB Files
2012-06-02 16:30 . 2012-06-02 16:30 -------- d-----w- c:\program files\Pando Networks
2012-05-31 21:57 . 2012-05-31 21:57 0 ---ha-w- c:\users\Flamen\AppData\Local\BITD3E4.tmp
2012-05-31 19:52 . 2012-05-31 19:52 -------- d-----w- c:\program files\GUM4910.tmp
2012-05-31 19:46 . 2012-06-01 12:36 -------- d-----w- c:\program files\AVAST Software
2012-05-28 17:17 . 2012-05-28 17:24 -------- d-----w- c:\programdata\DVD Shrink
2012-05-23 17:24 . 2012-05-23 17:24 -------- d-----w- c:\users\Flamen\AppData\Local\CRE
2012-05-11 11:07 . 2012-05-11 11:07 -------- d-----w- c:\programdata\WindowsSearch
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\users\Flamen\AppData\Roaming\Ashampoo
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\users\Flamen\AppData\Local\ashampoo
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\programdata\ashampoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 12:21 . 2012-04-15 12:21 673707 ----a-w- c:\windows\unins000.exe
2012-04-01 16:21 . 2012-04-01 16:21 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-16 20:56 . 2012-03-16 20:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 20:56 . 2012-03-16 20:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 20:56 . 2012-03-16 20:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 20:56 . 2012-03-16 20:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 20:56 . 2012-03-16 20:56 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 20:55 . 2012-03-16 20:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 20:55 . 2012-03-16 20:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 20:55 . 2012-03-16 20:55 367104 ----a-w- c:\windows\system32\html.iec
2012-03-16 20:55 . 2012-03-16 20:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 20:55 . 2012-03-16 20:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 20:55 . 2012-03-16 20:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 20:55 . 2012-03-16 20:55 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 20:55 . 2012-03-16 20:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 20:55 . 2012-03-16 20:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 20:55 . 2012-03-16 20:55 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 20:55 . 2012-03-16 20:55 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 20:55 . 2012-03-16 20:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 20:55 . 2012-03-16 20:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-16 20:55 . 2012-03-16 20:55 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-16 20:55 . 2012-03-16 20:55 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-16 20:55 . 2012-03-16 20:55 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-16 20:55 . 2012-03-16 20:55 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-16 20:55 . 2012-03-16 20:55 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-16 20:55 . 2012-03-16 20:55 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-16 20:55 . 2012-03-16 20:55 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-16 20:55 . 2012-03-16 20:55 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-16 20:55 . 2012-03-16 20:55 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-16 20:55 . 2012-03-16 20:55 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-16 20:55 . 2012-03-16 20:55 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-16 20:55 . 2012-03-16 20:55 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-16 20:55 . 2012-03-16 20:55 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-16 20:55 . 2012-03-16 20:55 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-16 20:55 . 2012-03-16 20:55 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-16 20:55 . 2012-03-16 20:55 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-16 20:55 . 2012-03-16 20:55 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-16 20:55 . 2012-03-16 20:55 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-16 20:55 . 2012-03-16 20:55 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-16 20:55 . 2012-03-16 20:55 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2012-03-16 20:55 . 2012-03-16 20:55 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-16 20:55 . 2012-03-16 20:55 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-16 20:55 . 2012-03-16 20:55 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-16 20:55 . 2012-03-16 20:55 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-16 20:55 . 2012-03-16 20:55 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-16 20:55 . 2012-03-16 20:55 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-16 20:55 . 2012-03-16 20:55 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-11 21:54 . 2012-03-11 21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 21:49 . 2012-03-11 21:49 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\UC.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\RAR.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\LHA.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\ARJ.PIF
2012-05-03 15:50 . 2012-03-11 21:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-04 c:\windows\Tasks\AWC Startup.job
- d:\advance system care pro\Advanced SystemCare 3\AWC.exe [2011-12-15 20:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0312&m=extensa_5635zg
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: d:\advance system care pro\Advanced SystemCare 3\SPICtrl.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Flamen\AppData\Roaming\Mozilla\Firefox\Profiles\pp7ko4vw.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 22:27
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\€
\ €S A M S U N G _ 2 4 2 5 7 2 5 0 0 6 ]
"CacheSizeInMB"=dword:00000000
"CacheStatus"=dword:00000002
"USBVersion"=dword:00020000
"ReadSpeedKBs"=dword:00000000
"WriteSpeedKBs"=dword:00000000
"PhysicalDeviceSizeMB"=dword:00074709
"RecommendedCacheSizeMB"=dword:00000000
"HasSlowRegions"=dword:00000000
"DoRetestDevice"=dword:00000000
"DeviceStatus"=dword:00000001
"LastTestedTime"=hex(b):00,00,00,00,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1552)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2012-06-04 22:31:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-04 20:30
ComboFix2.txt 2012-06-04 11:14
.
Před spuštěním: Volných bajtů: 27 869 814 784
Po spuštění: Volných bajtů: 27 672 494 080
.
- - End Of File - - 41C5A7028D81C54744126133AD3549B0
Nahrání proběhlo úspěšně

Re: Major internet slowdown

Posted: 04 Jun 2012 21:39
by Rudy
Run ComboFix once more with this script:
Folder::
c:\program files\GUM4910.tmp

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\€\ €S A M S U N G _ 2 4 2 5 7 2 5 0 0 6 ]

Re: Major internet slowdown

Posted: 04 Jun 2012 22:02
by lolo999
ComboFix 12-06-04.02 - Flamen 04.06.2012 22:54:23.2.2 - x86
Spuštěný z: c:\users\Flamen\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Flamen\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GUM4910.tmp
c:\program files\GUM4910.tmp\GoogleCrashHandler.exe
c:\program files\GUM4910.tmp\GoogleCrashHandler64.exe
c:\program files\GUM4910.tmp\GoogleUpdate.exe
c:\program files\GUM4910.tmp\GoogleUpdateBroker.exe
c:\program files\GUM4910.tmp\GoogleUpdateHelper.msi
c:\program files\GUM4910.tmp\GoogleUpdateOnDemand.exe
c:\program files\GUM4910.tmp\GoogleUpdateSetup.exe
c:\program files\GUM4910.tmp\goopdate.dll
c:\program files\GUM4910.tmp\goopdateres_am.dll
c:\program files\GUM4910.tmp\goopdateres_ar.dll
c:\program files\GUM4910.tmp\goopdateres_bg.dll
c:\program files\GUM4910.tmp\goopdateres_bn.dll
c:\program files\GUM4910.tmp\goopdateres_ca.dll
c:\program files\GUM4910.tmp\goopdateres_cs.dll
c:\program files\GUM4910.tmp\goopdateres_da.dll
c:\program files\GUM4910.tmp\goopdateres_de.dll
c:\program files\GUM4910.tmp\goopdateres_el.dll
c:\program files\GUM4910.tmp\goopdateres_en-GB.dll
c:\program files\GUM4910.tmp\goopdateres_en.dll
c:\program files\GUM4910.tmp\goopdateres_es-419.dll
c:\program files\GUM4910.tmp\goopdateres_es.dll
c:\program files\GUM4910.tmp\goopdateres_et.dll
c:\program files\GUM4910.tmp\goopdateres_fa.dll
c:\program files\GUM4910.tmp\goopdateres_fi.dll
c:\program files\GUM4910.tmp\goopdateres_fil.dll
c:\program files\GUM4910.tmp\goopdateres_fr.dll
c:\program files\GUM4910.tmp\goopdateres_gu.dll
c:\program files\GUM4910.tmp\goopdateres_hi.dll
c:\program files\GUM4910.tmp\goopdateres_hr.dll
c:\program files\GUM4910.tmp\goopdateres_hu.dll
c:\program files\GUM4910.tmp\goopdateres_id.dll
c:\program files\GUM4910.tmp\goopdateres_is.dll
c:\program files\GUM4910.tmp\goopdateres_it.dll
c:\program files\GUM4910.tmp\goopdateres_iw.dll
c:\program files\GUM4910.tmp\goopdateres_ja.dll
c:\program files\GUM4910.tmp\goopdateres_kn.dll
c:\program files\GUM4910.tmp\goopdateres_ko.dll
c:\program files\GUM4910.tmp\goopdateres_lt.dll
c:\program files\GUM4910.tmp\goopdateres_lv.dll
c:\program files\GUM4910.tmp\goopdateres_ml.dll
c:\program files\GUM4910.tmp\goopdateres_mr.dll
c:\program files\GUM4910.tmp\goopdateres_ms.dll
c:\program files\GUM4910.tmp\goopdateres_nl.dll
c:\program files\GUM4910.tmp\goopdateres_no.dll
c:\program files\GUM4910.tmp\goopdateres_pl.dll
c:\program files\GUM4910.tmp\goopdateres_pt-BR.dll
c:\program files\GUM4910.tmp\goopdateres_pt-PT.dll
c:\program files\GUM4910.tmp\goopdateres_ro.dll
c:\program files\GUM4910.tmp\goopdateres_ru.dll
c:\program files\GUM4910.tmp\goopdateres_sk.dll
c:\program files\GUM4910.tmp\goopdateres_sl.dll
c:\program files\GUM4910.tmp\goopdateres_sr.dll
c:\program files\GUM4910.tmp\goopdateres_sv.dll
c:\program files\GUM4910.tmp\goopdateres_sw.dll
c:\program files\GUM4910.tmp\goopdateres_ta.dll
c:\program files\GUM4910.tmp\goopdateres_te.dll
c:\program files\GUM4910.tmp\goopdateres_th.dll
c:\program files\GUM4910.tmp\goopdateres_tr.dll
c:\program files\GUM4910.tmp\goopdateres_uk.dll
c:\program files\GUM4910.tmp\goopdateres_ur.dll
c:\program files\GUM4910.tmp\goopdateres_vi.dll
c:\program files\GUM4910.tmp\goopdateres_zh-CN.dll
c:\program files\GUM4910.tmp\goopdateres_zh-TW.dll
c:\program files\GUM4910.tmp\npGoogleUpdate3.dll
c:\program files\GUM4910.tmp\psmachine.dll
c:\program files\GUM4910.tmp\psuser.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-04 do 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 20:58 . 2012-06-04 20:58 -------- d-----w- c:\users\Flamen\AppData\Local\temp
2012-06-04 20:58 . 2012-06-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 19:19 . 2012-06-04 19:20 -------- d-----w- c:\program files\trend micro
2012-06-04 19:19 . 2012-06-04 19:20 -------- d-----w- C:\rsit
2012-06-04 18:58 . 2012-06-04 19:12 -------- d-----w- c:\program files\WinUtilities
2012-06-04 18:58 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-06-04 18:58 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-06-04 18:58 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2012-06-04 18:58 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2012-06-04 18:58 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-04 18:58 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-06-04 18:58 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-06-04 18:23 . 2012-06-04 18:41 -------- d-----w- c:\program files\Advanced Fix 2012
2012-06-03 13:58 . 2012-06-04 12:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-02 16:30 . 2012-06-04 12:19 -------- d-----w- c:\programdata\PMB Files
2012-06-02 16:30 . 2012-06-02 16:30 -------- d-----w- c:\program files\Pando Networks
2012-05-31 21:57 . 2012-05-31 21:57 0 ---ha-w- c:\users\Flamen\AppData\Local\BITD3E4.tmp
2012-05-31 19:46 . 2012-06-01 12:36 -------- d-----w- c:\program files\AVAST Software
2012-05-28 17:17 . 2012-05-28 17:24 -------- d-----w- c:\programdata\DVD Shrink
2012-05-23 17:24 . 2012-05-23 17:24 -------- d-----w- c:\users\Flamen\AppData\Local\CRE
2012-05-11 11:07 . 2012-05-11 11:07 -------- d-----w- c:\programdata\WindowsSearch
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\users\Flamen\AppData\Roaming\Ashampoo
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\users\Flamen\AppData\Local\ashampoo
2012-05-08 15:07 . 2012-05-08 15:07 -------- d-----w- c:\programdata\ashampoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 12:21 . 2012-04-15 12:21 673707 ----a-w- c:\windows\unins000.exe
2012-04-01 16:21 . 2012-04-01 16:21 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-16 20:56 . 2012-03-16 20:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 20:56 . 2012-03-16 20:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 20:56 . 2012-03-16 20:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 20:56 . 2012-03-16 20:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 20:56 . 2012-03-16 20:56 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 20:55 . 2012-03-16 20:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 20:55 . 2012-03-16 20:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 20:55 . 2012-03-16 20:55 367104 ----a-w- c:\windows\system32\html.iec
2012-03-16 20:55 . 2012-03-16 20:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 20:55 . 2012-03-16 20:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 20:55 . 2012-03-16 20:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 20:55 . 2012-03-16 20:55 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 20:55 . 2012-03-16 20:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 20:55 . 2012-03-16 20:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 20:55 . 2012-03-16 20:55 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 20:55 . 2012-03-16 20:55 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 20:55 . 2012-03-16 20:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 20:55 . 2012-03-16 20:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-16 20:55 . 2012-03-16 20:55 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-16 20:55 . 2012-03-16 20:55 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-16 20:55 . 2012-03-16 20:55 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-16 20:55 . 2012-03-16 20:55 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-16 20:55 . 2012-03-16 20:55 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-16 20:55 . 2012-03-16 20:55 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-16 20:55 . 2012-03-16 20:55 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-16 20:55 . 2012-03-16 20:55 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-16 20:55 . 2012-03-16 20:55 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-16 20:55 . 2012-03-16 20:55 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-16 20:55 . 2012-03-16 20:55 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-16 20:55 . 2012-03-16 20:55 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-16 20:55 . 2012-03-16 20:55 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-16 20:55 . 2012-03-16 20:55 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-16 20:55 . 2012-03-16 20:55 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-16 20:55 . 2012-03-16 20:55 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-16 20:55 . 2012-03-16 20:55 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-16 20:55 . 2012-03-16 20:55 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-16 20:55 . 2012-03-16 20:55 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-16 20:55 . 2012-03-16 20:55 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2012-03-16 20:55 . 2012-03-16 20:55 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-16 20:55 . 2012-03-16 20:55 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-16 20:55 . 2012-03-16 20:55 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-16 20:55 . 2012-03-16 20:55 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-16 20:55 . 2012-03-16 20:55 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-16 20:55 . 2012-03-16 20:55 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-16 20:55 . 2012-03-16 20:55 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-11 21:54 . 2012-03-11 21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 21:49 . 2012-03-11 21:49 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\UC.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\RAR.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\LHA.PIF
2012-03-09 05:57 . 2012-04-29 11:47 545 ----a-w- c:\windows\ARJ.PIF
2012-05-03 15:50 . 2012-03-11 21:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-04 c:\windows\Tasks\AWC Startup.job
- d:\advance system care pro\Advanced SystemCare 3\AWC.exe [2011-12-15 20:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0312&m=extensa_5635zg
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: d:\advance system care pro\Advanced SystemCare 3\SPICtrl.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Flamen\AppData\Roaming\Mozilla\Firefox\Profiles\pp7ko4vw.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 22:58
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\€
\ €S A M S U N G _ 2 4 2 5 7 2 5 0 0 6 ]
"CacheSizeInMB"=dword:00000000
"CacheStatus"=dword:00000002
"USBVersion"=dword:00020000
"ReadSpeedKBs"=dword:00000000
"WriteSpeedKBs"=dword:00000000
"PhysicalDeviceSizeMB"=dword:00074709
"RecommendedCacheSizeMB"=dword:00000000
"HasSlowRegions"=dword:00000000
"DoRetestDevice"=dword:00000000
"DeviceStatus"=dword:00000001
"LastTestedTime"=hex(b):00,00,00,00,00,00,00,00
.
Celkový čas: 2012-06-04 23:00:32
ComboFix-quarantined-files.txt 2012-06-04 21:00
ComboFix2.txt 2012-06-04 20:33
ComboFix3.txt 2012-06-04 11:14
.
Před spuštěním: Volných bajtů: 27 507 101 696
Po spuštění: Volných bajtů: 27 483 553 792
.
- - End Of File - - 64554AF6D458FBF5111D818105C7ADBB

Re: Severe internet slowdown

Posted: 05 Jun 2012 17:15
by lolo999
Hello, I just want to point out that if I stop responding, my internet has probably given out for good. (I suspect this because page loading keeps getting worse.)

Re: Severe internet slowdown

Posted: 05 Jun 2012 19:02
by Rudy
The log is OK now. If the connection is still slow, try:
1. Start menu > Run > (type) netsh winsock reset > Enter. Restart the PC.
2. Restart the modem and, if applicable, any other network device in the data path.

Re: Severe internet slowdown

Posted: 05 Jun 2012 19:16
by lolo999
I did everything you wrote; unfortunately the internet is still slow.

Re: Severe internet slowdown

Posted: 05 Jun 2012 19:46
by Rudy
You aren't under FUP, are you?

Re: Severe internet slowdown

Posted: 05 Jun 2012 19:57
by lolo999
No, I'm not.

Re: Severe internet slowdown

Posted: 05 Jun 2012 20:27
by Rudy
OK. Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs. We'll check the PC for a rootkit.

Re: Severe internet slowdown

Posted: 05 Jun 2012 21:32
by lolo999
Log no. 1:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-05 21:45:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\Flamen\AppData\Local\Temp\kgriipoc.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [822BF0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [822BF0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [822BF0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\agq5nass \Device\Scsi\agq5nass1 86A7A1E8
Device \Driver\agq5nass \Device\Scsi\agq5nass1Port2Path0Target0Lun0 86A7A1E8
Device \FileSystem\Ntfs \Ntfs 850EA1E8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Log no. 2:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 22:29:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\Flamen\AppData\Local\Temp\kgriipoc.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 868DECB8
INT 0x51 ? 868DECB8
INT 0x51 ? 868DECB8
INT 0x72 ? 868DECB8
INT 0x82 ? 868DECB8
INT 0x92 ? 868DECB8
INT 0xA2 ? 850E8CB8
INT 0xA2 ? 868DECB8
INT 0xA2 ? 868DECB8
INT 0xA2 ? 850E8CB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x807AC089]
.text USBPORT.SYS!DllUnload 8E3A841B 5 Bytes JMP 868DE1C8
? C:\Windows\System32\Drivers\agq5nass.SYS suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[716] USER32.dll!SetWindowLongA 7643E7CD 5 Bytes JMP 66C65EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[716] USER32.dll!SetWindowLongW 764413B4 5 Bytes JMP 66C65E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[716] USER32.dll!GetWindowInfo 7644428E 5 Bytes JMP 66A54822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[716] USER32.dll!TrackPopupMenu 764514F3 5 Bytes JMP 66A54DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] ntdll.dll!LdrLoadDll 77669378 5 Bytes JMP 668DC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] kernel32.dll!MapViewOfFile 767B6B10 5 Bytes JMP 66B0E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] kernel32.dll!VirtualAlloc 767BAF75 5 Bytes JMP 66B0E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] GDI32.dll!CreateDIBSection 76387461 5 Bytes JMP 66B0E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ntdll.dll!NtQueryInformationProcess 776A4CC4 5 Bytes JMP 00970100 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] kernel32.dll!IsDebuggerPresent 7678EFF7 6 Bytes JMP 00B83310 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] kernel32.dll!DeviceIoControl 767950FF 7 Bytes JMP 00970420 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] kernel32.dll!CreateFileW 767BB0EB 5 Bytes JMP 009702F0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] kernel32.dll!CreateFileA 767BD07F 5 Bytes JMP 00970190 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] USER32.dll!ChangeDisplaySettingsExA 76436FE7 5 Bytes JMP 00978250 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] USER32.dll!ChangeDisplaySettingsExW 7647A9E4 5 Bytes JMP 00978280 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegFlushKey 75E8CDEB 7 Bytes JMP 0090E680 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegDeleteKeyA 75EA1C8C 5 Bytes JMP 0090E770 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegQueryInfoKeyA 75EA297F 7 Bytes JMP 0090EA50 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegDeleteValueA 75EA2F59 7 Bytes JMP 0090E7D0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegQueryValueA 75EA30C8 7 Bytes JMP 0090EB10 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegDeleteKeyW 75EA38CD 7 Bytes JMP 0090E7A0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegCreateKeyExA 75EA39AB 5 Bytes JMP 0090E710 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegCreateKeyA 75EA3BA9 5 Bytes JMP 0090E6B0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegSetValueExA 75EA3BEC 7 Bytes JMP 0090ECB0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegDeleteValueW 75EA3FB6 7 Bytes JMP 0090E800 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegOpenKeyA 75EA89C7 5 Bytes JMP 0090E970 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegEnumValueA 75EA8A0B 7 Bytes JMP 0090E8D0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegEnumValueW 75EA9850 7 Bytes JMP 0090E920 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegEnumKeyExA 75EB28D2 5 Bytes JMP 0090E830 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegQueryValueW 75EB32D4 7 Bytes JMP 0090EB50 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegCreateKeyW 75EB391E 5 Bytes JMP 0090E6E0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegSetValueExW 75EB3D5A 7 Bytes JMP 0090ECF0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegCreateKeyExW 75EB41F1 5 Bytes JMP 0090E740 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegQueryInfoKeyW 75EB48B4 7 Bytes JMP 0090EAB0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegQueryValueExA 75EB7A9D 7 Bytes JMP 0090EB90 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegOpenKeyExA 75EB7C42 5 Bytes JMP 0090E9D0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegOpenKeyW 75EBE2B5 5 Bytes JMP 0090E9A0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegQueryValueExW 75EC765E 7 Bytes JMP 0090EBE0 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegCloseKey 75EC7908 7 Bytes JMP 0090E650 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegOpenKeyExW 75EC7BA1 5 Bytes JMP 0090EA10 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegEnumKeyExW 75EC7F52 7 Bytes JMP 0090E880 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegSetValueW 75ECB3E4 5 Bytes JMP 0090EC70 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ADVAPI32.dll!RegSetValueA 75F05811 5 Bytes JMP 0090EC30 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)
.text C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe[3988] ole32.dll!CoCreateInstance 76679F3E 5 Bytes JMP 0090EE30 C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [80699F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8069A232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80699730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80699856] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80699914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806ADEA6] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74257817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7429B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7425BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7424F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7424E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742873F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7425DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7424FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7424FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7427C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7424D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74246853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7424687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2428] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74252AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 850EA1E8
Device \FileSystem\udfs \UdfsCdRom 87C6A1E8
Device \FileSystem\udfs \UdfsDisk 87C6A1E8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 868DD1E8
Device \Driver\usbuhci \Device\USBPDO-1 868DD1E8
Device \Driver\usbehci \Device\USBPDO-2 868EF1E8
Device \Driver\usbuhci \Device\USBPDO-3 868DD1E8
Device \Driver\usbuhci \Device\USBPDO-4 868DD1E8
Device \Driver\usbuhci \Device\USBPDO-5 868DD1E8
Device \Driver\usbuhci \Device\USBPDO-6 868DD1E8
Device \Driver\usbehci \Device\USBPDO-7 868EF1E8
Device \Driver\cdrom \Device\CdRom0 869691E8
Device \Driver\iaStor \Device\Ide\iaStor0 [822BF0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [822BF0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [822BF0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 869691E8
Device \Driver\netbt \Device\NetBT_Tcpip_{A06B3B89-8962-4E1F-AFA3-DF65E2E70776} 868E61E8
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 86AF51E8
Device \Driver\netbt \Device\NetBt_Wins_Export 868E61E8
Device \Driver\netbt \Device\NetBT_Tcpip_{C77E8000-DFFA-4E64-B773-0E665F27E434} 868E61E8
Device \Driver\Smb \Device\NetbiosSmb 873F61E8
Device \Driver\PCI_PNP8705 \Device\0000004c sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP8705 \Device\0000004c sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\iScsiPrt \Device\RaidPort0 86ACE1E8
Device \Driver\usbuhci \Device\USBFDO-0 868DD1E8
Device \Driver\usbuhci \Device\USBFDO-1 868DD1E8
Device \Driver\usbehci \Device\USBFDO-2 868EF1E8
Device \Driver\usbuhci \Device\USBFDO-3 868DD1E8
Device \Driver\usbuhci \Device\USBFDO-4 868DD1E8
Device \Driver\usbuhci \Device\USBFDO-5 868DD1E8
Device \Driver\usbuhci \Device\USBFDO-6 868DD1E8
Device \Driver\usbehci \Device\USBFDO-7 868EF1E8
Device \Driver\agq5nass \Device\Scsi\agq5nass1 86A7A1E8
Device \Driver\agq5nass \Device\Scsi\agq5nass1Port2Path0Target0Lun0 86A7A1E8
Device \FileSystem\cdfs \Cdfs 87C2C1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0xD2 0x53 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0xA7 0x0F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x67 0x0A 0x1C 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0xD2 0x53 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0xA7 0x0F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x67 0x0A 0x1C 0x75 ...

---- EOF - GMER 1.0.15 ----

Re: Severe internet slowdown

Posted: 05 Jun 2012 21:40
by Rudy
This is OK; the PC should be 99% clean. Inform your provider about the problem.