PC disinfection, computer speed-up, remote help via the neslape.cz service

Reduced performance, slow boot, sending spam from ICQ

Karaya
Visitor
Posts: 5
Registered: 24 Jan 2010 13:49

Reduced performance, slow boot, sending spam from ICQ

#1 Post by Karaya »

Hello,
I would like to ask for a check of my HJT log and advice on how to fix it. The PC boots slowly and I feel lower performance, and above all it sends spam from ICQ. NOD32 found nothing. Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:13, on 24.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource ... =CT1750559
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5869 bytes

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Reduced performance, slow boot, sending spam from ICQ

#2 Post by earl »

Hello,

uninstall Spybot, you have ESS.

Clean the PC with CCleaner.

Always Analyze first and then Run Cleaner. Twice in a row.

Windows: untick History and the autocomplete form history; you would lose the history of visited pages and the passwords saved in forms

(from a security point of view that is bad, but at least the user then does not complain about where it all disappeared to :D )

Applications: for the internet browsers untick Internet History.

Registry: leave everything ticked, Scan for Issues, Fix selected issues

(let it make a backup; it is saved in Documents; IMPORTANT).

Likewise 2-3 times in a row.

Download OTL

run it, tick "Scan All Users", change 30 days to 7, click Run Scan,

after the scan finishes paste the contents of the OTL.txt log here.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE THE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

Karaya
Visitor
Posts: 5
Registered: 24 Jan 2010 13:49

Re: Reduced performance, slow boot, sending spam from ICQ

#3 Post by Karaya »

So hopefully I did everything as I was supposed to. Here is the report:


OTL logfile created on: 25.1.2010 16:11:08 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Hepcik\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 34,31 Gb Free Space | 23,02% Space Free | Partition Type: NTFS
Drive D: | 2,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 152,66 Gb Total Space | 131,24 Gb Free Space | 85,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEPE
Current User Name: Hepcik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.25 16:10:21 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hepcik\Plocha\OTL.exe
PRC - [2010.01.18 15:39:06 | 00,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009.10.14 17:40:29 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009.10.09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008.08.18 12:23:50 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.02.19 18:16:56 | 08,253,440 | ---- | M] (Netscape) -- C:\Program Files\Netscape\Navigator 9\navigator.exe
PRC - [2008.01.14 13:18:20 | 03,182,248 | ---- | M] (Beepa P/L) -- C:\Program Files\Fraps\fraps.exe
PRC - [2008.01.10 03:56:02 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007.12.21 07:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007.07.17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007.07.17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006.06.01 12:32:12 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.03.02 13:00:00 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005.05.11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005.05.11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2005.05.11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004.02.26 09:53:30 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010.01.25 16:10:21 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hepcik\Plocha\OTL.exe
MOD - [2008.01.14 13:15:34 | 00,159,744 | ---- | M] (Beepa P/L) -- C:\Program Files\Fraps\fraps.dll
MOD - [2006.03.02 13:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetDDEdsdm)
SRV - File not found [Disabled | Stopped] -- -- (NetDDE)
SRV - [2010.01.18 15:39:06 | 00,214,520 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009.10.14 17:40:29 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008.08.18 12:30:58 | 00,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.10 03:56:02 | 00,512,000 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008.01.09 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007.12.21 07:21:16 | 00,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006.06.22 15:13:06 | 00,208,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2004.09.29 11:14:36 | 00,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009.12.12 00:22:02 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.11 20:13:06 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.08 20:27:43 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009.09.12 18:17:47 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008.08.18 12:27:42 | 00,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008.08.18 12:27:40 | 00,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008.08.18 12:27:36 | 00,071,688 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008.08.18 12:19:26 | 00,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008.08.18 12:18:26 | 00,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.01.10 06:40:38 | 02,846,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.03.02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005.03.08 05:43:27 | 00,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005.03.08 05:43:26 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005.03.08 05:43:25 | 00,051,120 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2004.03.19 13:02:08 | 00,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 04:08:52 | 00,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.11.10 05:30:00 | 00,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003.07.02 03:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2025429265-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource ... =CT1750559
IE - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2025429265-436374069-725345543-1004\S-1-5-21-2025429265-436374069-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009.09.08 18:42:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009.09.08 18:41:58 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2006.03.02 13:00:00 | 00,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-2025429265-436374069-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2025429265-436374069-725345543-1004..\Run: [Fraps] C:\Program Files\Fraps\fraps.exe (Beepa P/L)
O4 - HKU\S-1-5-21-2025429265-436374069-725345543-1004..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..Trusted Domains: ketsujin.com ([fighterace] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..Trusted Domains: ketsujin.com ([primary] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..Trusted Domains: ketsujin.com ([update] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..Trusted Domains: ketsujin.com ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..Trusted Domains: stormofaces.com ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-2025429265-436374069-725345543-1004\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.08 16:53:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.02.15 16:20:09 | 00,000,058 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.01.25 16:10:06 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hepcik\Plocha\OTL.exe
[2010.01.25 16:09:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Hepcik\Recent
[2010.01.25 16:01:55 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.01.25 16:00:47 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Hepcik\Plocha\ccsetup227.exe
[2010.01.24 13:44:13 | 00,000,000 | ---D | C] -- C:\Trend Micro
[2010.01.24 13:39:18 | 00,000,000 | ---D | C] -- C:\avenger
[2010.01.24 12:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hepcik\Data aplikací\Ventrilo
[2010.01.24 12:54:30 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010.01.24 12:54:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009.09.26 06:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.09.12 19:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.09.12 18:17:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Hepcik\Data aplikací\pcouffin.sys
[2009.09.08 16:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.09.08 16:52:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.09.08 16:52:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.25 16:10:21 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hepcik\Plocha\OTL.exe
[2010.01.25 16:09:30 | 00,000,196 | ---- | M] () -- C:\Documents and Settings\Hepcik\Dokumenty\cc_20100125_160859_zaloha_3.reg
[2010.01.25 16:09:12 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\Hepcik\Dokumenty\cc_20100125_160859_zaloha_2.reg
[2010.01.25 16:08:35 | 00,112,652 | ---- | M] () -- C:\Documents and Settings\Hepcik\Dokumenty\cc_20100125_160814_zaloha.reg
[2010.01.25 16:01:56 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\CCleaner.lnk
[2010.01.25 16:01:11 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Hepcik\Plocha\ccsetup227.exe
[2010.01.25 15:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.25 15:53:19 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.25 15:53:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.25 15:53:14 | 16,098,79552 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.25 00:44:58 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Hepcik\NTUSER.DAT
[2010.01.25 00:44:54 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Hepcik\ntuser.ini
[2010.01.24 20:50:54 | 00,002,163 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\Ventrilo.lnk
[2010.01.24 14:16:54 | 06,424,842 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\Neuveritelne.wmv
[2010.01.24 13:39:25 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.24 13:37:33 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\mkre^jfh.sys
[2010.01.24 12:38:17 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.24 12:38:13 | 00,075,776 | ---- | M] () -- C:\Documents and Settings\Hepcik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.21 12:02:51 | 73,288,2052 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\Breakdance Girl.2009.DVDRip.XviD.CZdab.avi
[2010.01.21 10:58:10 | 13,150,44352 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\Navěky silný - sportovní,drama 2008, cz dabing.avi
[2010.01.21 09:17:02 | 14,214,69424 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\Jánošík - Pravdivá historie (český dabing DVDrip).avi
[2010.01.20 18:16:42 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\Hepcik\Dokumenty\Lakomec.doc
[2010.01.19 16:36:32 | 92,082,2361 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\Huntertastic_Vol_1.wmv
[2010.01.18 19:42:48 | 10,235,58244 | ---- | M] () -- C:\Documents and Settings\Hepcik\Plocha\The Twilight Saga New Moon 2009 obsahuje titulky CZ upload by sunnydanny.avi
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.25 16:09:29 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\Hepcik\Dokumenty\cc_20100125_160859_zaloha_3.reg
[2010.01.25 16:09:10 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\Hepcik\Dokumenty\cc_20100125_160859_zaloha_2.reg
[2010.01.25 16:08:27 | 00,112,652 | ---- | C] () -- C:\Documents and Settings\Hepcik\Dokumenty\cc_20100125_160814_zaloha.reg
[2010.01.25 16:01:56 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\CCleaner.lnk
[2010.01.24 14:16:23 | 06,424,842 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\Neuveritelne.wmv
[2010.01.24 13:37:33 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\mkre^jfh.sys
[2010.01.24 12:54:32 | 00,002,163 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\Ventrilo.lnk
[2010.01.21 10:58:51 | 73,288,2052 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\Breakdance Girl.2009.DVDRip.XviD.CZdab.avi
[2010.01.21 09:44:37 | 13,150,44352 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\Navěky silný - sportovní,drama 2008, cz dabing.avi
[2010.01.21 07:59:06 | 14,214,69424 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\Jánošík - Pravdivá historie (český dabing DVDrip).avi
[2010.01.20 18:14:10 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\Hepcik\Dokumenty\Lakomec.doc
[2010.01.19 15:45:21 | 92,082,2361 | ---- | C] () -- C:\Documents and Settings\Hepcik\Plocha\Huntertastic_Vol_1.wmv
[2009.12.29 19:05:11 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.12.11 20:13:05 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.03 23:06:32 | 00,078,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.10.14 17:41:03 | 00,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.10.08 20:26:03 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.10.08 20:26:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.09.12 18:18:05 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Hepcik\Data aplikací\vso_ts_preview.xml
[2009.09.12 18:17:56 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Hepcik\Data aplikací\pcouffin.log
[2009.09.12 18:17:47 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Hepcik\Data aplikací\inst.exe
[2009.09.12 18:17:47 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Hepcik\Data aplikací\pcouffin.cat
[2009.09.12 18:17:47 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Hepcik\Data aplikací\pcouffin.inf
[2009.09.08 19:39:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.08 19:39:08 | 00,075,776 | ---- | C] () -- C:\Documents and Settings\Hepcik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.08 17:36:57 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.09.08 17:23:33 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Hepcik\Local Settings\Data aplikací\fusioncache.dat
[2009.09.08 17:15:10 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.09.08 17:06:22 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2009.09.08 17:02:39 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.09.08 17:02:36 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.09.08 17:02:25 | 00,000,452 | ---- | C] () -- C:\WINDOWS\alsndmgr.ini
[2009.09.08 17:01:16 | 00,005,249 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.09.08 17:01:14 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005.10.14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001.07.06 14:30:00 | 00,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:888AFB86
< End of report >

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Reduced performance, slow boot, sending spam from ICQ

#4 Post by earl »

-> Test on VirusTotal and JottiScan:

C:\WINDOWS\System32\drivers\mkre^jfh.sys

(simple guide: once the page has loaded, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the results here)

If the scanner says the file has already been tested, have it tested again.

-> Download GMER, unpack it and run it.

A scan will run; when it finishes, the results will pop up.

Then click Save to save the log, and paste its contents here.

Then, following this guide,

do a second scan and again paste the log contents here.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE THE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WON'T LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. MISHANDLING IT CAN RENDER THE SYSTEM UNUSABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
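When the VirusTotal report comes back, the detection count on its own says little (for this driver it is 7 of 40, with names ranging from a generic "UnclassifiedMalware" to "Rootkit"); the parts worth reading are the PE section table, the kernel import list and the signature check. The script below is an added example, not tooling from this thread or from VirusTotal: it parses those three blocks in the form the report prints them (the sample strings are copied from the report the reporter pastes in reply #5 below), flags sections whose entropy suggests packing, groups the ntoskrnl.exe imports into capability buckets, and combines that with the sigcheck result. The capability buckets and the 7.0 bits/byte entropy threshold are this example's own triage heuristics, not something the report or the thread defines.

```python
"""Triage the PE section table, kernel imports and sigcheck block that a
VirusTotal report prints for a submitted driver.
Added example for this thread, not VirusTotal's or the forum's code; the sample
blocks are copied from the report posted for mkre_jfh.sys, the capability
buckets and the entropy threshold are this example's own heuristics."""
import re

# "( 5 sections )" table as printed: name, virtual address, virtual size,
# raw size, entropy (bits per byte, 0..8), md5.
SECTION_TABLE = """\
.text 0x480 0xd28a 0xd300 5.55 f71af71856953abfcbf3519fb912c7b1
.rdata 0xd780 0xfe 0x100 4.47 3684165ded29d30ec78a464b892a2464
.data 0xd880 0xb7 0x100 0.04 66a415a49d751cb335895306ecfb3389
INIT 0xd980 0x332 0x380 4.87 766c4eca5df25cfad466c1f1a08deb1c
.reloc 0xdd00 0xe9c 0xf00 6.65 d206a6de9a62062d2ed031bd52b8d7ce
"""

# "( 1 imports )" line, verbatim from the report.
IMPORT_LINE = (
    "> ntoskrnl.exe: ZwWriteFile, wcslen, ZwOpenFile, ExFreePoolWithTag, ZwClose, "
    "ExAllocatePoolWithTag, ZwQueryValueKey, RtlInitUnicodeString, ZwOpenKey, "
    "RtlUpcaseUnicodeChar, ZwCreateFile, wcscat, wcscpy, ZwDeleteKey, swprintf, "
    "ZwEnumerateKey, DbgPrint, RtlPrefixUnicodeString, RtlDeleteRegistryValue, "
    "ZwSetValueKey, RtlWriteRegistryValue, _wcsicmp, ZwEnumerateValueKey, ZwReadFile, "
    "ZwQueryInformationFile, KeTickCount, ZwSetInformationFile, RtlCheckRegistryKey, "
    "PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, "
    "KeDelayExecutionThread, PsCreateSystemThread, PsGetVersion")

# Subset of the "sigcheck:" block from the report.
SIGCHECK = """\
publisher....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
"""

# Which imported kernel routines imply which behaviour (this example's buckets).
CAPABILITIES = {
    "file I/O": {"ZwCreateFile", "ZwOpenFile", "ZwReadFile", "ZwWriteFile",
                 "ZwQueryInformationFile", "ZwSetInformationFile"},
    "registry write/delete": {"ZwSetValueKey", "ZwDeleteKey",
                              "RtlWriteRegistryValue", "RtlDeleteRegistryValue"},
    "registry enumerate": {"ZwOpenKey", "ZwQueryValueKey", "ZwEnumerateKey",
                           "ZwEnumerateValueKey", "RtlCheckRegistryKey"},
    "system thread": {"PsCreateSystemThread", "PsTerminateSystemThread",
                      "KeDelayExecutionThread", "KeSetPriorityThread"},
    "debug output": {"DbgPrint"},
}


def parse_sections(text):
    """One dict per row of the section table, sizes converted to ints."""
    rows = []
    for line in text.splitlines():
        name, vaddr, vsize, rawsize, entropy, md5 = line.split()
        rows.append({"name": name, "vaddr": int(vaddr, 16), "vsize": int(vsize, 16),
                     "rawsize": int(rawsize, 16), "entropy": float(entropy), "md5": md5})
    return rows


def parse_imports(line):
    """'> module: f1, f2, ...' -> (module, [f1, f2, ...])."""
    m = re.match(r">\s*([^:]+):\s*(.*)", line)
    return m.group(1).strip(), [f.strip() for f in m.group(2).split(",") if f.strip()]


def parse_sigcheck(text):
    """'verified.....: Unsigned' -> {'verified': 'Unsigned'}."""
    info = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        info[key.rstrip(".").strip()] = value.strip()
    return info


def capabilities(funcs):
    """Map each bucket to the imported routines that fall into it (empty buckets dropped)."""
    present = set(funcs)
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items() if present & apis}


def triage(section_text, import_line, sigcheck_text, packed_threshold=7.0):
    rows = parse_sections(section_text)
    module, funcs = parse_imports(import_line)
    caps = capabilities(funcs)
    return {
        # Entropy near 8 bits/byte means compressed or encrypted section content.
        "packed_sections": [r["name"] for r in rows if r["entropy"] >= packed_threshold],
        "max_entropy": max(r["entropy"] for r in rows),
        "import_module": module,
        "capabilities": caps,
        "unsigned": parse_sigcheck(sigcheck_text).get("verified") == "Unsigned",
        # A driver that spawns its own system thread and writes both files and
        # registry values modifies the system on its own schedule.
        "self_modifying_driver": {"file I/O", "registry write/delete",
                                  "system thread"}.issubset(caps),
    }


if __name__ == "__main__":
    for key, value in triage(SECTION_TABLE, IMPORT_LINE, SIGCHECK).items():
        print(f"{key}: {value}")
```

For the report in this thread the result is: no section is packed (highest entropy is .reloc at 6.65), the import list covers file I/O, registry write/delete and system-thread creation, and the binary is unsigned; that combination is what makes an unknown kernel driver worth removing regardless of how many engines name it.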

Karaya
Visitor
Posts: 5
Registered: 24 Jan 2010 13:49

Re: Reduced performance, slow boot, sending spam from ICQ

#5 Post by Karaya »

VirusTotal:

File mkre_jfh.sys received 2010.01.25 17:48:09 (UTC)
Result: 7/40 (17.5%)
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.01.25 Virus.Win32.Rootkit!IK
AhnLab-V3 5.0.0.2 2010.01.25 -
AntiVir 7.9.1.150 2010.01.25 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.25 -
Avast 4.8.1351.0 2010.01.25 -
AVG 9.0.0.730 2010.01.25 -
BitDefender 7.2 2010.01.25 -
CAT-QuickHeal 10.00 2010.01.25 -
ClamAV 0.94.1 2010.01.25 -
Comodo 3706 2010.01.25 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.01.25 -
eSafe 7.0.17.0 2010.01.25 Win32.PWS.Banker
eTrust-Vet 35.2.7258 2010.01.25 -
F-Prot 4.5.1.85 2010.01.25 -
F-Secure 9.0.15370.0 2010.01.25 -
Fortinet 4.0.14.0 2010.01.25 -
GData 19 2010.01.25 -
Ikarus T3.1.1.80.0 2010.01.25 Virus.Win32.Rootkit
Jiangmin 13.0.900 2010.01.24 -
K7AntiVirus 7.10.952 2010.01.22 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.01.25 -
McAfee 5872 2010.01.25 -
McAfee+Artemis 5872 2010.01.25 -
McAfee-GW-Edition 6.8.5 2010.01.25 -
Microsoft 1.5405 2010.01.25 -
NOD32 4805 2010.01.25 -
Norman 6.04.03 2010.01.25 W32/Rootkit.AMII
nProtect 2009.1.8.0 2010.01.25 -
Panda 10.0.2.2 2010.01.25 Rootkit/Booto.C
PCTools 7.0.3.5 2010.01.25 -
Rising 22.32.00.04 2010.01.25 -
Sophos 4.50.0 2010.01.25 -
Sunbelt 3.2.1858.2 2010.01.24 -
Symantec 20091.2.0.41 2010.01.25 -
TheHacker 6.5.0.9.162 2010.01.25 -
TrendMicro 9.120.0.1004 2010.01.25 -
VBA32 3.12.12.1 2010.01.23 -
ViRobot 2010.1.25.2154 2010.01.25 -
VirusBuster 5.0.21.0 2010.01.25 -
Additional information
File size: 60416 bytes
MD5...: 4ad5d5229f85f42e873fda98190b2f19
SHA1..: 7e1bc7c4f0324c0ad58b829b2524e0cb617ef158
SHA256: 369f1be79b3466908a93086e05cebe65725d61a4d0885a3ecb1a257ec70d3a9f
ssdeep: 768:tBYjgeQ4knNcGhgHFutTrtTom7nhDntSTRI22jNQLOa5kJkq:t8rQRN5QYfiy2CXJk
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd116
timedatestamp.....: 0x43ffe49f (Sat Feb 25 05:01:19 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xd28a 0xd300 5.55 f71af71856953abfcbf3519fb912c7b1
.rdata 0xd780 0xfe 0x100 4.47 3684165ded29d30ec78a464b892a2464
.data 0xd880 0xb7 0x100 0.04 66a415a49d751cb335895306ecfb3389
INIT 0xd980 0x332 0x380 4.87 766c4eca5df25cfad466c1f1a08deb1c
.reloc 0xdd00 0xe9c 0xf00 6.65 d206a6de9a62062d2ed031bd52b8d7ce

( 1 imports )
> ntoskrnl.exe: ZwWriteFile, wcslen, ZwOpenFile, ExFreePoolWithTag, ZwClose, ExAllocatePoolWithTag, ZwQueryValueKey, RtlInitUnicodeString, ZwOpenKey, RtlUpcaseUnicodeChar, ZwCreateFile, wcscat, wcscpy, ZwDeleteKey, swprintf, ZwEnumerateKey, DbgPrint, RtlPrefixUnicodeString, RtlDeleteRegistryValue, ZwSetValueKey, RtlWriteRegistryValue, _wcsicmp, ZwEnumerateValueKey, ZwReadFile, ZwQueryInformationFile, KeTickCount, ZwSetInformationFile, RtlCheckRegistryKey, PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, KeDelayExecutionThread, PsCreateSystemThread, PsGetVersion

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)



JottiScan:

2010-01-25 Nothing found
[F-Secure Anti-Virus] 2010-01-25 Nothing found
[A-Squared] 2010-01-25 Virus.Win32.Rootkit!IK
[G DATA] 2010-01-25 Nothing found
[Avast! antivirus] 2010-01-25 Nothing found
[Ikarus] 2010-01-25 Virus.Win32.Rootkit
[Grisoft AVG Anti-Virus] 2010-01-25 Nothing found
[Kaspersky Anti-Virus] 2010-01-25 Nothing found
[Avira AntiVir] 2010-01-25 Nothing found
[ESET NOD32] 2010-01-25 Nothing found
[Softwin BitDefender] 2010-01-25 Nothing found
[Panda Antivirus] 2010-01-25 Rootkit/Booto.C
[ClamAV] 2010-01-25 Nothing found
[Quick Heal] 2010-01-25 Nothing found
[CPsecure] 2010-01-25 Nothing found
[Sophos] 2010-01-25 Nothing found
[Dr.Web] 2010-01-25 Nothing found
[VirusBlokAda VBA32] 2010-01-23 Nothing found
[Frisk F-Prot Antivirus] 2010-01-25 Nothing found
[VirusBuster] 2010-01-25 Nothing found



GMER: test 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-25 19:00:07
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Hepcik\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT spkl.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spkl.sys ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 898DA1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 88A141F8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----


GMER: test 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 19:57:39
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Hepcik\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT spkl.sys ZwCreateKey [0xB9EB50E0]
SSDT spkl.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spkl.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spkl.sys ZwOpenKey [0xB9EB50C0]
SSDT spkl.sys ZwQueryKey [0xB9ECE20A]
SSDT spkl.sys ZwQueryValueKey [0xB9ECE08A]
SSDT spkl.sys ZwSetValueKey [0xB9ECE29C]

INT 0x62 ? 898DBBF8
INT 0x63 ? 89628F00
INT 0x63 ? 89628F00
INT 0x63 ? 89628F00
INT 0x63 ? 89628F00
INT 0x63 ? 89628F00
INT 0x63 ? 89628F00
INT 0x82 ? 898DBBF8

---- Kernel code sections - GMER 1.0.15 ----

? spkl.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB90C9000, 0x17C668, 0xE8000020]
.text USBPORT.SYS!DllUnload B905B62C 5 Bytes JMP 896284E0
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB8F6F900]
.text ampfsgza.SYS B8EDC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ampfsgza.SYS B8EDC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ampfsgza.SYS B8EDC3C4 3 Bytes [00, 80, 02]
.text ampfsgza.SYS B8EDC3C9 1 Byte [30]
.text ampfsgza.SYS B8EDC3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spkl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spkl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spkl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spkl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spkl.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spkl.sys
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 898DA1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 88A141F8
Device \FileSystem\Udfs \UdfsCdRom 89499500
Device \FileSystem\Udfs \UdfsDisk 89499500

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{76DC04DD-FC6A-444C-B1E8-76F5CB4380F9} 89538500
Device \Driver\usbuhci \Device\USBPDO-0 89419500
Device \Driver\PCI_PNP1994 \Device\00000044 spkl.sys
Device \Driver\usbuhci \Device\USBPDO-1 89419500
Device \Driver\usbuhci \Device\USBPDO-2 89419500
Device \Driver\usbuhci \Device\USBPDO-3 89419500
Device \Driver\usbehci \Device\USBPDO-4 8940C500

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\sptd \Device\304570744 spkl.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8986D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8986D1F8
Device \Driver\Cdrom \Device\CdRom0 89553500
Device \Driver\Cdrom \Device\CdRom1 89553500
Device \Driver\atapi \Device\Ide\IdePort0 898DB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 898DB1F8
Device \Driver\atapi \Device\Ide\IdePort1 898DB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 898DB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 898DB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 898DB1F8
Device \Driver\Cdrom \Device\CdRom2 89553500
Device \Driver\Cdrom \Device\CdRom3 89553500
Device \Driver\Cdrom \Device\CdRom4 89553500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89538500
Device \Driver\NetBT \Device\NetbiosSmb 89538500

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 89419500
Device \Driver\usbuhci \Device\USBFDO-1 89419500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894A9500
Device \Driver\usbuhci \Device\USBFDO-2 89419500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894A9500
Device \Driver\usbuhci \Device\USBFDO-3 89419500
Device \Driver\usbehci \Device\USBFDO-4 8940C500
Device \Driver\Ftdisk \Device\FtControl 8986D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{317A3C6A-FF58-4664-AA81-98E82B54EF94} 89538500
Device \Driver\ampfsgza \Device\Scsi\ampfsgza1 89444500
Device \Driver\ampfsgza \Device\Scsi\ampfsgza1Port2Path0Target1Lun0 89444500
Device \Driver\ampfsgza \Device\Scsi\ampfsgza1Port2Path0Target0Lun0 89444500
Device \Driver\ampfsgza \Device\Scsi\ampfsgza1Port2Path0Target2Lun0 89444500
Device \FileSystem\Fastfat \Fat 88A141F8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 894F5500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFB 0xC2 0x93 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0xD7 0x33 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0x80 0xB4 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x64 0xEE 0x9B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xEE 0xF6 0x61 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFB 0xC2 0x93 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0xD7 0x33 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0x80 0xB4 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x64 0xEE 0x9B 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xEE 0xF6 0x61 0x6A ...

---- EOF - GMER 1.0.15 ----
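The second GMER log above is long, but what matters for triage is which module owns each hook and whether GMER could read that module from disk. The script below is an added example, not part of this thread or of GMER: it takes a constructed subset of the log lines above and, per module, counts SSDT and IAT hooks, records the devices a module owns, lists modules GMER could not open (the `? spkl.sys ... !` line), and cross-references the two to surface modules that hook the kernel while being unreadable from the file system. The section names and line formats it matches are those GMER 1.0.15 prints above; the grouping logic is this example's own. The same log's registry section ties the sptd service to C:\Program Files\DAEMON Tools Lite\, so the check a practitioner runs next is whether a flagged hooking module belongs to installed software before treating it as the infection; the script only surfaces candidates, it does not decide.

```python
"""Attribute the hooks in a GMER log to the modules that own them.
Added example, not part of this thread or of GMER.  SAMPLE_LOG is a constructed
subset of the second GMER log posted in the thread; the line formats matched are
the ones GMER 1.0.15 prints, the grouping and the cross-check are this example's own."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT spkl.sys ZwCreateKey [0xB9EB50E0]
SSDT spkl.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spkl.sys ZwSetValueKey [0xB9ECE29C]

INT 0x62 ? 898DBBF8

---- Kernel code sections - GMER 1.0.15 ----

? spkl.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB90C9000, 0x17C668, 0xE8000020]
.text USBPORT.SYS!DllUnload B905B62C 5 Bytes JMP 896284E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spkl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spkl.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spkl.sys
IAT \SystemRoot\System32\Drivers\ampfsgza.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 898DA1F8
Device \Driver\PCI_PNP1994 \Device\00000044 spkl.sys
Device \Driver\sptd \Device\304570744 spkl.sys
Device \Driver\ampfsgza \Device\Scsi\ampfsgza1 89444500

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)\s+\[(0x[0-9A-Fa-f]+)\]")
IAT_RE = re.compile(r"^IAT\s+(.+?)\[([^\]]+)\]\s+(.*)$")
IAT_RESOLVED_RE = re.compile(r"^\[([0-9A-Fa-f]+)\]\s+(\S+)$")   # "[addr] module"
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s+.*!$")                # "? module <error> !"
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def summarize(log):
    ssdt, iat, devices = defaultdict(int), defaultdict(int), defaultdict(list)
    unreadable, unresolved = [], 0
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            ssdt[m.group(1)] += 1                     # module owning the SSDT entry
        elif section == "Kernel code sections" and (m := UNREADABLE_RE.match(line)):
            unreadable.append(m.group(1))             # GMER could not open the file
        elif section == "Kernel IAT/EAT" and (m := IAT_RE.match(line)):
            resolved = IAT_RESOLVED_RE.match(m.group(3))
            if resolved:
                iat[resolved.group(2)] += 1           # IAT entry points into that module
            else:
                unresolved += 1                       # raw value, no module resolved
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            if not ADDR_RE.match(m.group(3)):         # owner printed by name, not address
                devices[m.group(3)].append(m.group(2))
    return {"ssdt_hooks": dict(ssdt), "iat_hooks": dict(iat), "iat_unresolved": unresolved,
            "unreadable_modules": unreadable, "devices_owned": dict(devices)}


def hidden_hookers(summary):
    """Modules that hook SSDT or IAT entries and whose file GMER could not read."""
    hooking = set(summary["ssdt_hooks"]) | set(summary["iat_hooks"])
    return sorted(hooking & set(summary["unreadable_modules"]))


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key, value in s.items():
        print(f"{key}: {value}")
    print("hooking modules unreadable on disk:", hidden_hookers(s))
```

Run against the full log above the same logic yields seven SSDT entries and six resolved IAT entries for spkl.sys, plus the ampfsgza.SYS IAT entries that resolve to raw values rather than a module; those unresolved entries are the ones to hand-check, since GMER prints them when the import slot does not point into any loaded image it knows.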

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Reduced performance, slow boot, sending spam from ICQ

#6 Post by earl »

-> Run OTL again and copy the green text into the box named "Custom Scans/Fixes":

Code:

:otl
O4 - HKLM..\Run: [NWEReboot] File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:processes
:Services
mkre^jfh
:Reg
:Files
C:\WINDOWS\System32\drivers\mkre^jfh.sys
:Commands
[EMPTYTEMP]
[REBOOT]
[RESETHOSTS]
[CREATERESTOREPOINT] 

Click RunFix; a restart may follow, then a log is created; paste its contents here. If the log doesn't open, you'll find it in the folder OTL was run from.

Karaya
Visitor
Posts: 5
Registered: 24 Jan 2010 13:49

Re: Reduced performance, slow boot, sending spam from ICQ

#7 Post by Karaya »

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Error: No service named mkre^jfh was found to stop!
Unable to stop service mkre^jfh!
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\drivers\mkre^jfh.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hepcik
->Temp folder emptied: 60330955 bytes
->Temporary Internet Files folder emptied: 16664785 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2129157 bytes
%systemroot%\System32 .tmp files removed: 2675656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 451786739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23922314 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 532,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.26.0 log created on 01262010_201351

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
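An OTL fix log only lists what happened to each item OTL touched; the useful check after a fix is to reconcile it against the script that was submitted, item by item, because the two can disagree. In the log above the file C:\WINDOWS\System32\drivers\mkre^jfh.sys was moved, but the :Services entry for mkre^jfh failed ("No service named mkre^jfh was found to stop"), so removing the file and removing its service registration did not both succeed, and that is worth carrying into the next scan rather than assuming the cleanup is complete. The script below is an added example, not part of OTL or of this thread: it parses the fix script into its sections, splits the fix log at OTL's ========== headings, and reports per item whether the matching section of the log shows success, an Error/Unable line, or nothing at all. The mapping from script sections to log headings and the strings used as evidence for the :Commands directives are taken from the log above; how OTL itself decides what to print is not something this example models.

```python
"""Reconcile an OTL fix script against the fix log OTL produced, item by item.
Added example, not OTL's or the thread's code; FIX_SCRIPT and FIX_LOG are copied
from the two posts above (the log trimmed to the lines the reconciliation uses)."""
import re

FIX_SCRIPT = r"""
:otl
O4 - HKLM..\Run: [NWEReboot] File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:processes
:Services
mkre^jfh
:Reg
:Files
C:\WINDOWS\System32\drivers\mkre^jfh.sys
:Commands
[EMPTYTEMP]
[REBOOT]
[RESETHOSTS]
[CREATERESTOREPOINT]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Error: No service named mkre^jfh was found to stop!
Unable to stop service mkre^jfh!
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\drivers\mkre^jfh.sys moved successfully.
========== COMMANDS ==========
Total Files Cleaned = 532,00 mb
HOSTS file reset successfully
Restore point Set: OTL Restore Point (64424509440)
"""

# Script section -> heading OTL prints for it in the fix log.
LOG_SECTION = {"otl": "OTL", "processes": "PROCESSES", "services": "SERVICES/DRIVERS",
               "reg": "REGISTRY", "files": "FILES", "commands": "COMMANDS"}
# Text the log carries when a :Commands directive ran (None: the log gives no evidence).
COMMAND_EVIDENCE = {"[EMPTYTEMP]": "Total Files Cleaned", "[RESETHOSTS]": "HOSTS file reset",
                    "[CREATERESTOREPOINT]": "Restore point Set", "[REBOOT]": None}


def parse_script(text):
    """Return (section, item) pairs; sections are the ':name' lines, lower-cased."""
    items, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        else:
            items.append((section, line))
    return items


def parse_log(text):
    """Split the log at its '========== NAME ==========' headings."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"^=+ (.+?) =+$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def needle_for(section, item):
    """Substring whose presence in the log section shows the item was handled."""
    if section == "otl":                      # "[NWEReboot]" or the value name before ':'
        m = re.search(r"\[([^\]]+)\]", item)
        return m.group(1) if m else item.split(":")[0].split()[-1]
    if section == "commands":
        return COMMAND_EVIDENCE.get(item.upper())
    return item                               # service name or file path, verbatim


def reconcile(script, log):
    sections = parse_log(log)
    results = []
    for section, item in parse_script(script):
        needle = needle_for(section, item)
        lines = sections.get(LOG_SECTION.get(section, ""), [])
        hits = [l for l in lines if needle and needle.lower() in l.lower()]
        if not hits:
            status = "not logged"
        elif any(l.startswith(("Error", "Unable")) for l in hits):
            status = "failed"
        else:
            status = "ok"
        results.append({"section": section, "item": item, "status": status, "evidence": hits})
    return results


def failed_items(results):
    return [r["item"] for r in results if r["status"] == "failed"]


if __name__ == "__main__":
    for r in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{r['status']:10} {r['section']}: {r['item']}")
```

Matching is scoped to the log section that corresponds to the script section, which is what prevents the "mkre^jfh.sys moved successfully" line under FILES from masking the failed service stop under SERVICES/DRIVERS; [REBOOT] comes back as "not logged" because the fix log records no line for it.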

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Reduced performance, slow boot, sending spam from ICQ

#8 Post by earl »

OK, how is the PC behaving now?

Karaya
Visitor
Posts: 5
Registered: 24 Jan 2010 13:49

Re: Reduced performance, slow boot, sending spam from ICQ

#9 Post by Karaya »

It's better, thanks a lot. I still have to find out whether it sends the ICQ spam or not. May I ask what it was? What slowed it down so much?

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Reduced performance, slow boot, sending spam from ICQ

#10 Post by earl »

There was a rootkit on it, which was probably responsible for that.

Let me know, then we'll finish cleaning up.
