Please check my log (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

štefy
Level 2
Posts: 214
Registered: March 08
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by štefy » 25 Mar 2008 19:00

ComboFix 08-03-25.1 - uživatel 2008-03-25 18:57:02.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.179 [GMT 1:00]
Running from: C:\Documents and Settings\uživatel\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 18:43 . 2008-03-25 18:43 27,970,520 --a------ C:\backup.tmp
2008-03-25 18:43 . 2008-03-25 18:43 23,898 --a------ C:\1.reg
2008-03-25 18:43 . 2008-03-25 18:43 270 --a------ C:\avexport.bat
2008-03-25 18:37 . 2008-03-25 18:37 97,104,910 --a------ C:\zalreg.reg
2008-03-24 12:44 . 2004-08-17 14:49 114,688 --a------ C:\WINDOWS\system32\vgaikqcmj.nls
2008-03-24 12:22 . 2008-03-25 18:43 135,168 --a------ C:\zip.exe
2008-03-24 12:22 . 2008-03-25 18:43 19,286 --a------ C:\cleanup.exe
2008-03-24 12:22 . 2008-03-24 12:22 5,677 --a------ C:\backup.reg
2008-03-24 12:22 . 2008-03-25 18:43 574 --a------ C:\cleanup.bat
2008-03-24 12:19 . 2008-03-24 12:19 204 --a------ C:\vypt.bat
2008-03-23 13:21 . 2008-03-23 13:22 <DIR> d-------- C:\Program Files\SopCast
2008-03-23 11:11 . 2008-03-23 11:14 <DIR> d-------- C:\reg
2008-03-22 11:36 . 2008-03-22 11:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-22 11:36 . 2008-03-22 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2008-03-21 11:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-21 11:20 . 2008-03-21 11:21 <DIR> d-------- C:\Program Files\Java
2008-03-21 11:20 . 2008-03-21 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-19 19:45 . 2005-03-02 19:18 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-03-19 19:43 . 2008-03-19 19:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 17:40 . 2008-03-19 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-03-19 17:10 . 2008-03-19 17:10 <DIR> d-------- C:\Program Files\ESET
2008-03-16 18:42 . 2008-03-16 18:42 <DIR> d-------- C:\Program Files\CCleaner
2008-03-15 13:07 . 2008-03-15 13:07 <DIR> d-------- C:\Documents and Settings\uživatel\Data aplikací\Roxio
2008-03-15 13:06 . 2008-03-15 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2008-03-15 13:04 . 2008-03-15 13:04 <DIR> d-------- C:\Program Files\DivX
2008-03-15 13:04 . 2008-03-16 16:50 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-15 13:04 . 2008-03-16 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Roxio
2008-03-03 19:48 . 2008-03-03 19:48 <DIR> d-------- C:\Documents and Settings\uži\Bullfrog
2008-03-01 09:59 . 2006-05-23 09:25 4,290,048 --a------ C:\WINDOWS\Heroes of Might and Magic V.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 17:16 --------- d-----w C:\Program Files\Torrents
2008-03-23 12:19 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-21 10:14 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-03-19 20:24 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2008-03-19 16:36 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-03-16 15:52 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-03-06 18:48 --------- d-----w C:\Program Files\Winamp
2008-03-03 16:02 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-24 08:28 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\DMCache
2008-02-23 11:21 --------- d-----w C:\Program Files\PPMate
2008-02-23 10:48 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-02-23 10:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 22:46 --------- d-----w C:\Program Files\SUPER
2008-02-22 21:20 --------- d-----w C:\Program Files\TVUPlayer
2008-02-21 17:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TVU networks
2008-02-21 17:00 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\TVU Networks
2008-02-21 16:01 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\ppStream
2008-02-21 15:49 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\PPMate
2008-02-21 15:48 --------- d-----w C:\Program Files\Common Files\Synacast
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-18 18:21 --------- d-----w C:\Program Files\Common Files\InstallerA
2008-02-18 18:13 --------- d-----w C:\Program Files\Gamenext
2008-02-16 18:46 --------- d---a-w C:\Program Files\Miranda IM
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
2008-01-31 06:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 19:45 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\Vso
2008-01-27 15:57 --------- d-----w C:\Program Files\uTorrent
2008-01-26 11:11 --------- d-----w C:\Program Files\Game XP
2008-01-26 09:27 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\URSoft
2008-01-23 17:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-04-30 15:25 81,920 ----a-w C:\Documents and Settings\uživatel\Data aplikací\ezpinst.exe
2007-04-30 15:25 47,360 ----a-w C:\Documents and Settings\uživatel\Data aplikací\pcouffin.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-01-20 11:29 945 --sha-w C:\WINDOWS\system32\mmf.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2005-03-14 02:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2001-10-25 13:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2005-03-14 01:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\SoftwareDistribution\Download\465d74f489a08daa339a96fd1eedeb4e\sp2gdr\tcpip.sys
2005-03-14 02:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\SoftwareDistribution\Download\465d74f489a08daa339a96fd1eedeb4e\sp2qfe\tcpip.sys
2008-01-24 15:21 359808 f91e8f4c501f2128d7a92f723b6d6577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-01-24 15:21 359808 f91e8f4c501f2128d7a92f723b6d6577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-01-28 13:48 885760]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"lipqerkt"="C:\WINDOWS\TEMP\vclofqtbb.sys WLEntryPoint" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mshgm"= rundll32.exe "C:\WINDOWS\system32\ctlaicmbc.sys" WLEntryPoint

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WindowBlinds\wbsrv.dll 2005-12-20 21:57 176128 C:\PROGRA~1\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GPRSpeed Plus Client.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GPRSpeed Plus Client.lnk
backup=C:\WINDOWS\pss\GPRSpeed Plus Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\Program Files\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 14:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-22 23:13 1591808 C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-12-09 12:07 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2004-01-28 22:42 565248 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-16 13:39 69632 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\program files\divx\divx pro codec\gain_trickler_3202.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\FirefoxPortable\\FirefoxPortable.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Hry\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\PPMate\\ppmate.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\PPMate\\ppamnet.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44724:TCP"= 44724:TCP:pan port
"11618:TCP"= 11618:TCP:@xpsp2res.dll,-22004
"46337:TCP"= 46337:TCP:@xpsp2res.dll,-22004
"28236:TCP"= 28236:TCP:@xpsp2res.dll,-22004
"27611:TCP"= 27611:TCP:@xpsp2res.dll,-22004
"5307:TCP"= 5307:TCP:@xpsp2res.dll,-22004

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 22:08]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 12:55]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 12:55]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 04:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72c2d0d-4fbc-11db-8aa0-0011098da354}]
\Shell\AutoRun\command - H:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 18:59:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-25 18:59:43
ComboFix-quarantined-files.txt 2008-03-25 17:59:40
ComboFix2.txt 2008-03-22 10:32:21
HP ProBook 450 G6

Re: Please check my log

Post by štefy » 25 Mar 2008 19:01

------------- VypAdr -------------
Svazek v jednotce C je C.
Sériové číslo svazku je 80E6-025B.

Výpis adresáře C:\WINDOWS\temp

25.03.2008 19:01 <DIR> .
25.03.2008 19:01 <DIR> ..
17.08.2004 14:49 114 688 iasjdbmte.dll
17.08.2004 14:49 114 688 msimmgse.nls
17.08.2004 14:49 114 688 vgaikqcmj.nls
3 souborů, 344 064 bajtů

Počet souborů v seznamu:
3 souborů, 344 064 bajtů
Adresářů: 2, Volných bajtů: 8 940 466 176
HP ProBook 450 G6

Re: Please check my log

Post by štefy » 25 Mar 2008 20:03

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 25, 2008 8:01:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/03/2008
Kaspersky Anti-Virus database records: 595485
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 59933
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:41:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\uživatel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\History\History.IE5\MSHist012008032520080326\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\uživatel\ntuser.dat.LOG Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_001_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_002_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_003_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_MAP_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\cert8.db Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\formhistory.dat Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\history.dat Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\key3.db Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\parent.lock Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\urlclassifier2.sqlite Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\XUL.mfl Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000081.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000082.dll Infected: Trojan-Downloader.Win32.Small.tcw skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000083.dll Infected: Email-Worm.Win32.Locksky.df skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000084.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000085.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000086.drv Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000087.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000088.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000089.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ctlaicmbc.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\vgabglcoa.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\vgaikqcmj.nls Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\iasjdbmte.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\TEMP\msimmgse.nls Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\TEMP\vgaikqcmj.nls Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
HP ProBook 450 G6

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log

Post by fredik » 29 Mar 2008 07:06

Sorry for the longer delay, I didn't have the time.

#Step 1:
Before you start on the procedure below, please do this:
Go to the folder C:\Avenger; there you should have two backup.zip files (the second one will also have a date in its name). Attach them to your next post.

#Step 2:
Download these programs:
Gmer
System Repair Engineer - via the Local Download 2 button

#Step 3:
- Create a folder on the disk and extract the contents of the sreng2.zip archive into it
- Run the program (SREngPS.EXE) and choose System Repair
- On the File Associations tab, tick the checkbox in front of the .EXE item and then click the Repair button at the bottom
- Then run DAFT again, click Scan, and when it finishes save the log and post its contents here.

#Step 4:
Run the Kaspersky scan again and post its log here.

#Step 5:
Unpack Gmer and run it.
- a short check runs first; after it, on the Rootkit/Malware tab click the Scan button
- the scan starts; when it finishes click the Copy button
- then paste the contents of the log here

#Step 6:
Make a new ComboFix log and post it here

In your next post, include these logs/results:
- DAFT log
- Kaspersky log
- Gmer log
- ComboFix log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PMs with logs; post them in the forum. These PMs cannot be answered.

Re: Please check my log

Post by štefy » 29 Mar 2008 10:14

I don't have any backup.zip file on the computer. I only have backup.reg and backup.tmp; neither has a date in its name.
HP ProBook 450 G6

Re: Please check my log

Post by fredik » 29 Mar 2008 13:31

Then continue with step 2.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PMs with logs; post them in the forum. These PMs cannot be answered.

Re: Please check my log

Post by štefy » 29 Mar 2008 17:33

DAFT Log saved on 2008-03-29 17:30:31
-----------------------------------------------------------------------
.exe - exefile - shell\open\command - rundll32.exe "C:\WINDOWS\TEMP\vgaikqcmj.nls" WLEntry %1 %*
HP ProBook 450 G6
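Added example, not code from this thread or from any of the tools it mentions (ComboFix, DAFT, SREng): a small Python checker that applies the reasoning behind Step 3 of fredik's instructions and the DAFT finding above to log lines of the kind posted here. It flags an exefile `shell\open\command` handler that differs from the Windows default `"%1" %*`, and any autostart or handler entry whose target carries a driver/resource extension (.sys, .nls, .drv) or lives under a TEMP directory. The sample lines are constructed to mirror the ComboFix "Reg Loading Points" entries and the DAFT line in this thread; the line formats, the extension list and the temp-directory markers are assumptions, not the tools' documented output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on the ComboFix "Reg Loading Points" entries and the
# DAFT file-association line posted in this thread (formats assumed, not documented output).
SAMPLE_LINES = [
    r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]',
    r'"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]',
    r'"lipqerkt"="C:\WINDOWS\TEMP\vclofqtbb.sys WLEntryPoint" [ ]',
    r'"mshgm"= rundll32.exe "C:\WINDOWS\system32\ctlaicmbc.sys" WLEntryPoint',
    r'.exe - exefile - shell\open\command - rundll32.exe "C:\WINDOWS\TEMP\vgaikqcmj.nls" WLEntry %1 %*',
    r'.exe - exefile - shell\open\command - "%1" %*',
]

# Assumed DAFT-style association line prefix and the Windows default exefile handler.
EXEFILE_PREFIX = r".exe - exefile - shell\open\command - "
EXEFILE_DEFAULT = '"%1" %*'

# A drive-letter path up to the first recognised executable/module extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\[\]]*?\.(exe|dll|sys|nls|scr|cpl|drv|com|bat|cmd)\b', re.IGNORECASE
)
# Driver and resource extensions that no user-mode autostart should load as code.
DATA_EXTENSIONS = {"sys", "nls", "drv"}
# Directory markers for temporary locations (assumption: enough for the sample lines).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def check_line(line: str) -> Finding:
    """Return a Finding for one log line; an empty reasons list means nothing suspicious."""
    finding = Finding(line)
    # Rule 1: the .exe association must be the stock handler, otherwise every program
    # launch is routed through whatever the handler names.
    if line.startswith(EXEFILE_PREFIX):
        handler = line[len(EXEFILE_PREFIX):].strip()
        if handler != EXEFILE_DEFAULT:
            finding.reasons.append(
                f"exefile handler is {handler!r}, expected {EXEFILE_DEFAULT!r}"
            )
    # Rules 2 and 3: inspect every drive-letter path the entry references.
    for match in PATH_RE.finditer(line):
        path, ext = match.group(0), match.group(1).lower()
        if ext in DATA_EXTENSIONS:
            finding.reasons.append(f"{path}: .{ext} file loaded as a program or rundll32 module")
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            finding.reasons.append(f"{path}: autostart target lives in a temporary directory")
    return finding


def analyze(lines) -> list:
    """Keep only the lines that triggered at least one rule, in input order."""
    return [f for f in (check_line(line) for line in lines) if f.reasons]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LINES):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run against the constructed sample, the two stock entries (ctfmon.exe, egui.exe) and the default association pass, while the two rundll32-style autostarts and the hijacked .exe handler are reported with every rule they trip. A non-default exefile handler is the reason the association is repaired before the scans are rerun: until it is restored, each .exe the user starts is launched through the listed module rather than directly.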

Re: Please check my log

Post by štefy » 29 Mar 2008 18:23

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 29, 2008 6:22:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/03/2008
Kaspersky Anti-Virus database records: 603700
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 60538
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:42:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\uživatel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\History\History.IE5\MSHist012008032920080330\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\uživatel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\uživatel\ntuser.dat.LOG Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_001_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_002_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_003_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\Cache\_CACHE_MAP_ Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\cert8.db Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\formhistory.dat Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\history.dat Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\key3.db Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\parent.lock Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\search.sqlite Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\urlclassifier2.sqlite Object is locked skipped
C:\Program Files\FirefoxPortable\Data\profile\XUL.mfl Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000081.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000082.dll Infected: Trojan-Downloader.Win32.Small.tcw skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000083.dll Infected: Email-Worm.Win32.Locksky.df skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000084.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000085.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000086.drv Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000087.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000088.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000089.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ctlaicmbc.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\vgabglcoa.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\vgaikqcmj.nls Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\iasjdbmte.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\TEMP\msimmgse.nls Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\TEMP\vgaikqcmj.nls Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
HP ProBook 450 G6

štefy
Level 2
Posts: 214
Registered: March 08
Location: South Bohemia
Sex: Male
Status: Offline

Re: Please check my log

Post by štefy » 29 Mar 2008 18:29

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-03-29 18:28:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF83970D0]
SSDT sptd.sys ZwEnumerateKey [0xF839CE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF839D1BA]
SSDT sptd.sys ZwOpenKey [0xF83970B0]
SSDT sptd.sys ZwQueryKey [0xF839D292]
SSDT sptd.sys ZwQueryValueKey [0xF839D112]
SSDT sptd.sys ZwSetValueKey [0xF839D324]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7ABD62C 5 Bytes JMP 828A31C8
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F76D04D0 42 Bytes [ 7D, 12, C8, 3C, 4C, 45, 90, ... ]
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 2B F76D04FB 5 Bytes [ 6C, BE, 66, 44, 1A ]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\a52wxgn4.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1928] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [ C2, 04, 00, 00 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F83AD886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F83AD832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83CF892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F83AD886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8397AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8397C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8397B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8398748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F839861E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F83ACACA] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 82AD91E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 81EAF7A0
Device \FileSystem\Udfs \UdfsCdRom 8265A7A0
Device \FileSystem\Udfs \UdfsDisk 8265A7A0
Device \Driver\usbuhci \Device\USBPDO-0 828A21E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82A661E8
Device \Driver\dmio \Device\DmControl\DmConfig 82A661E8
Device \Driver\dmio \Device\DmControl\DmPnP 82A661E8
Device \Driver\dmio \Device\DmControl\DmInfo 82A661E8
Device \Driver\usbuhci \Device\USBPDO-1 828A21E8
Device \Driver\usbuhci \Device\USBPDO-2 828A21E8
Device \Driver\usbuhci \Device\USBPDO-3 828A21E8
Device \Driver\usbehci \Device\USBPDO-4 828751E8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 82ADB1E8
Device \Driver\atapi \Device\Ide\IdePort0 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 827557A0
Device \Driver\NetBT \Device\NetbiosSmb 827557A0
Device \Driver\PCI_NTPNP0880 \Device\0000004e sptd.sys
Device \Driver\PCI_NTPNP0880 \Device\0000004f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 828A21E8
Device \Driver\usbuhci \Device\USBFDO-1 828A21E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CDB7F34E-4A5E-4BAA-BF50-CCF50D92FC7F} 827557A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 827DB7A0
Device \Driver\usbuhci \Device\USBFDO-2 828A21E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 827DB7A0
Device \Driver\usbuhci \Device\USBFDO-3 828A21E8
Device \Driver\usbehci \Device\USBFDO-4 828751E8
Device \Driver\Ftdisk \Device\FtControl 82ADB1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 827EB610
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a52wxgn4 \Device\Scsi\a52wxgn41 827C71E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port5Path0Target0Lun0 827EB610
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 81EAF7A0

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 827E7360

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x36 0xD2 0x57 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEB 0xDA 0x87 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -447453770
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1085992225
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEB 0xDA 0x87 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 \0(\0v\0e\0l\0k\0é\0) C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 \0(\0n\0e\0j\0v\0\e\1t\0a\1í\0) C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@file_name iasjdbmte
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@file_expand dll
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@reg_name lipqerkt
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@reg_id 234533
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@file_name ctlaicmbc
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@file_expand sys
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@file_path C:\WINDOWS\system32\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@reg_name mshgm
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@reg_id 235124
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2@file_name msimmgse
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2@file_expand nls
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2@reg_name jfcppqq
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2@reg_id 987234
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\2@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_name vgabglcoa
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_expand sys
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_path C:\WINDOWS\system32\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@reg_name egdnmjmm
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@reg_id 7237565
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_name vgaikqcmj
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_expand nls
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@reg_name fbenjors
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@reg_id 7523455
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@start_function WLEntry
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Ultra Edition\`t
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Ultra Edition\`t@Order 0x08 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}@abnplkamdncnpgklkkehbhcmbkjajlmacd 0x61 0x62 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}@bbnplkamdncnpgklkkdhclafidkgmfeimgee 0x61 0x62 0x61 0x70 ...

---- EOF - GMER 1.0.14 ----

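The Kaspersky scan and the GMER registry dump above can be cross-checked mechanically rather than by eye. The script below is an added example written for this page, not code from the poster, GMER or Kaspersky. It assumes that each CLSID Storage slot describes one dropped file as file_path + file_name + "." + file_expand (a reading of the value names GMER lists, not something the tool documents), rebuilds those paths, checks which of them the Kaspersky log already marked "Infected:" on the live file system as opposed to inside System Restore, and pulls the sptd.sys Cfg@p0 paths so the SSDT and IAT hooks by sptd.sys can be attributed to the products the log itself names. The sample lines are copied, abridged, from the logs posted in this thread.

```python
"""Cross-check the GMER registry dump against the Kaspersky scan (added example,
not code from the poster, GMER or Kaspersky). It rebuilds the path of every file
registered under the CLSID Storage slots, checks which of them the AV already
flagged as Infected:, and lists the products that own the sptd.sys hooks."""
import re
from collections import defaultdict

# Constructed sample: lines copied (abridged) from the logs posted in this thread.
GMER_SAMPLE = r"""
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@file_name iasjdbmte
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@file_expand dll
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\0@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@file_name ctlaicmbc
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@file_expand sys
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@file_path C:\WINDOWS\system32\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\1@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_name vgaikqcmj
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_expand nls
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@start_function WLEntry
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
"""
AV_SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{3B74E4BC-2B5F-433E-AD5E-13F0EC583B53}\RP2\A0000081.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\system32\ctlaicmbc.sys Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\TEMP\iasjdbmte.dll Infected: Email-Worm.Win32.Locksky.dm skipped
C:\WINDOWS\TEMP\vgaikqcmj.nls Infected: Email-Worm.Win32.Locksky.dm skipped
"""

# GMER: "Reg <key>\Storage\<n>@<value-name> <value>"; the CLSID key has no spaces.
STORAGE_RE = re.compile(r"^Reg\s+HK\S*?(\{[0-9A-Fa-f-]+\})\\Storage\\(\d+)@(\w+)\s+(.*)$")
# GMER: the sptd.sys config slot whose p0 value names the installing product.
SPTD_P0_RE = re.compile(r"^Reg\s+HK\S*\\sptd\\Cfg\\[0-9A-F]+@p0\s+(.*)$")
# Kaspersky: "<path> Infected: <detection name> skipped"; the path may contain spaces.
INFECTED_RE = re.compile(r"^(.+?)\s+Infected:\s+(\S+)\s+skipped$")


def parse_storage(gmer_text):
    """Group the Storage values of each CLSID: {clsid: {slot: {name: value}}}."""
    storage = defaultdict(lambda: defaultdict(dict))
    for line in gmer_text.splitlines():
        m = STORAGE_RE.match(line.strip())
        if m:
            clsid, slot, name, value = m.groups()
            storage[clsid][int(slot)][name] = value
    return storage


def dropped_files(gmer_text):
    """Rebuild file_path + file_name + '.' + file_expand for every complete slot
    (assumed layout, see the lead-in); start_function is kept for comparison."""
    out = []
    for clsid, slots in parse_storage(gmer_text).items():
        for slot in sorted(slots):
            s = slots[slot]
            if not all(k in s for k in ("file_path", "file_name", "file_expand")):
                continue  # incomplete slot: no path can be rebuilt from it
            out.append({"clsid": clsid, "slot": slot,
                        "path": s["file_path"] + s["file_name"] + "." + s["file_expand"],
                        "start_function": s.get("start_function")})
    return out


def av_detections(av_text):
    """Map lowercase path -> detection name for every 'Infected:' line."""
    found = {}
    for line in av_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def sptd_owners(gmer_text):
    """Products whose sptd.sys Cfg entries account for the sptd SSDT/IAT hooks."""
    owners = set()
    for line in gmer_text.splitlines():
        m = SPTD_P0_RE.match(line.strip())
        if m:
            owners.add(m.group(1).rstrip("\\"))
    return sorted(owners)


def correlate(gmer_text, av_text):
    """Split the registered files into those the AV flagged on the live file
    system and those it did not; restore-point copies are listed separately,
    since they only disappear when System Restore is purged."""
    found = av_detections(av_text)
    live = {p: n for p, n in found.items() if "\\_restore{" not in p}
    restore_copies = sorted(p for p in found if "\\_restore{" in p)
    caught, missed = [], []
    for f in dropped_files(gmer_text):
        (caught if f["path"].lower() in live else missed).append(f["path"])
    return {"caught": caught, "missed": missed, "restore_point_copies": restore_copies}


if __name__ == "__main__":
    print(correlate(GMER_SAMPLE, AV_SAMPLE))
    print("sptd.sys hooks belong to:", sptd_owners(GMER_SAMPLE))
```

On the posted logs this reports all three rebuilt paths as already flagged by Kaspersky (the AV saw them but skipped them, so they still need removal), one restore-point copy that will only go with a System Restore purge, and attributes the sptd.sys hooks to Alcohol 120 and DAEMON Tools. The differing start_function value in slot 4 (WLEntry versus WLEntryPoint) is kept in the output so it can be spotted.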
štefy
Level 2
Posts: 214
Registered: March 08
Location: South Bohemia
Sex: Male
Status: Offline

Re: Please check my log

Post by štefy » 29 Mar 2008 18:33

ComboFix 08-03-25.1 - uživatel 2008-03-29 18:30:26.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.162 [GMT 1:00]
Running from: C:\Documents and Settings\uživatel\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 18:24 . 2008-03-29 18:24 250 --a------ C:\WINDOWS\gmer.ini
2008-03-29 17:23 . 2008-03-29 17:24 <DIR> d-------- C:\Sereng2
2008-03-25 18:43 . 2008-03-25 18:43 27,970,520 --a------ C:\backup.tmp
2008-03-25 18:43 . 2008-03-25 18:43 23,898 --a------ C:\1.reg
2008-03-25 18:43 . 2008-03-25 18:43 270 --a------ C:\avexport.bat
2008-03-25 18:37 . 2008-03-25 18:37 97,104,910 --a------ C:\zalreg.reg
2008-03-24 12:44 . 2004-08-17 14:49 114,688 --a------ C:\WINDOWS\system32\vgaikqcmj.nls
2008-03-24 12:22 . 2008-03-25 18:43 135,168 --a------ C:\zip.exe
2008-03-24 12:22 . 2008-03-25 18:43 19,286 --a------ C:\cleanup.exe
2008-03-24 12:22 . 2008-03-24 12:22 5,677 --a------ C:\backup.reg
2008-03-24 12:22 . 2008-03-25 18:43 574 --a------ C:\cleanup.bat
2008-03-24 12:19 . 2008-03-24 12:19 204 --a------ C:\vypt.bat
2008-03-23 13:21 . 2008-03-23 13:22 <DIR> d-------- C:\Program Files\SopCast
2008-03-23 11:11 . 2008-03-23 11:14 <DIR> d-------- C:\reg
2008-03-22 11:36 . 2008-03-22 11:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-22 11:36 . 2008-03-22 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2008-03-21 11:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-21 11:20 . 2008-03-21 11:21 <DIR> d-------- C:\Program Files\Java
2008-03-21 11:20 . 2008-03-21 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-19 19:45 . 2005-03-02 19:18 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-03-19 19:43 . 2008-03-19 19:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 17:40 . 2008-03-19 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-03-19 17:10 . 2008-03-19 17:10 <DIR> d-------- C:\Program Files\ESET
2008-03-16 18:42 . 2008-03-16 18:42 <DIR> d-------- C:\Program Files\CCleaner
2008-03-15 13:07 . 2008-03-15 13:07 <DIR> d-------- C:\Documents and Settings\uživatel\Data aplikací\Roxio
2008-03-15 13:06 . 2008-03-15 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2008-03-15 13:04 . 2008-03-15 13:04 <DIR> d-------- C:\Program Files\DivX
2008-03-15 13:04 . 2008-03-16 16:50 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-15 13:04 . 2008-03-16 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Roxio
2008-03-03 19:48 . 2008-03-03 19:48 <DIR> d-------- C:\Documents and Settings\uži\Bullfrog
2008-03-01 09:59 . 2006-05-23 09:25 4,290,048 --a------ C:\WINDOWS\Heroes of Might and Magic V.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 13:52 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2008-03-28 17:38 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-26 18:37 --------- d-----w C:\Program Files\Torrents
2008-03-21 10:14 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-03-19 16:36 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-03-16 15:52 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-03-06 18:48 --------- d-----w C:\Program Files\Winamp
2008-03-03 16:02 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-24 08:28 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\DMCache
2008-02-23 11:21 --------- d-----w C:\Program Files\PPMate
2008-02-23 10:48 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-02-23 10:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 22:46 --------- d-----w C:\Program Files\SUPER
2008-02-22 21:20 --------- d-----w C:\Program Files\TVUPlayer
2008-02-21 17:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TVU networks
2008-02-21 17:00 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\TVU Networks
2008-02-21 16:01 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\ppStream
2008-02-21 15:49 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\PPMate
2008-02-21 15:48 --------- d-----w C:\Program Files\Common Files\Synacast
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-18 18:21 --------- d-----w C:\Program Files\Common Files\InstallerA
2008-02-18 18:13 --------- d-----w C:\Program Files\Gamenext
2008-02-16 18:46 --------- d---a-w C:\Program Files\Miranda IM
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
2008-01-31 06:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 17:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-04-30 15:25 81,920 ----a-w C:\Documents and Settings\uživatel\Data aplikací\ezpinst.exe
2007-04-30 15:25 47,360 ----a-w C:\Documents and Settings\uživatel\Data aplikací\pcouffin.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-01-20 11:29 945 --sha-w C:\WINDOWS\system32\mmf.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2005-03-14 02:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2001-10-25 13:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2005-03-14 01:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\SoftwareDistribution\Download\465d74f489a08daa339a96fd1eedeb4e\sp2gdr\tcpip.sys
2005-03-14 02:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\SoftwareDistribution\Download\465d74f489a08daa339a96fd1eedeb4e\sp2qfe\tcpip.sys
2008-01-24 15:21 359808 f91e8f4c501f2128d7a92f723b6d6577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-01-24 15:21 359808 f91e8f4c501f2128d7a92f723b6d6577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-03-25_18.59.34,76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-29 17:24:31 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 19:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-03-29 17:24:31 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-01-28 13:48 885760]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"lqrkngqj"="C:\WINDOWS\TEMP\ieanfcnrn.nls WLEntryPoint" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mshgm"= rundll32.exe "C:\WINDOWS\system32\ctlaicmbc.sys" WLEntryPoint

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WindowBlinds\wbsrv.dll 2005-12-20 21:57 176128 C:\PROGRA~1\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GPRSpeed Plus Client.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GPRSpeed Plus Client.lnk
backup=C:\WINDOWS\pss\GPRSpeed Plus Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\Program Files\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 14:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-22 23:13 1591808 C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2004-01-28 22:42 565248 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-16 13:39 69632 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\program files\divx\divx pro codec\gain_trickler_3202.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\FirefoxPortable\\FirefoxPortable.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Hry\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\PPMate\\ppmate.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\PPMate\\ppamnet.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44724:TCP"= 44724:TCP:pan port
"18977:TCP"= 18977:TCP:@xpsp2res.dll,-22004
"46132:TCP"= 46132:TCP:@xpsp2res.dll,-22004
"37027:TCP"= 37027:TCP:@xpsp2res.dll,-22004
"25438:TCP"= 25438:TCP:@xpsp2res.dll,-22004
"5307:TCP"= 5307:TCP:@xpsp2res.dll,-22004

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 22:08]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 12:55]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 12:55]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 04:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72c2d0d-4fbc-11db-8aa0-0011098da354}]
\Shell\AutoRun\command - H:\autorun.exe

*Newly Created Service* - GMER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 18:32:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-29 18:33:04
ComboFix-quarantined-files.txt 2008-03-29 17:33:01
ComboFix2.txt 2008-03-25 17:59:44
ComboFix3.txt 2008-03-22 10:32:21
HP ProBook 450 G6

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Re: Please check my log

Post by fredik » 29 Mar 2008 20:50

Please run GMER again and repeat the procedure, with one difference: once the scan has finished, save the log using the Save... button. Give it some name, zip it, and attach it to your post.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.

štefy
Level 2
Posts: 214
Registered: March 08
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by štefy » 30 Mar 2008 12:45

Here is the log.
HP ProBook 450 G6
