Moc prosím o kontrolu logu

[fredik]

Dodrž pořadí jak bude napsáno:
- je to krapet delší, tak si případně ulož celý postup. Bylo by dobré, během postupu být odpojený od internetu, po té co si stáhneš programy a nachystáš vše potřebné (od Kroku 7).
- nejdříve si to pročti pozorně a pokud by něco z toho nebylo jasné tak se zeptej než se do toho pustíš.
- pokud by po některém z kroku nešel spustit .exe soubory tak udělej krok 10 a pak pokračuj kde kde jsi skončil.

#Krok1:
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
ComboFix /u a dej Ok

Spusť už dřív stažený T-cleaner (postupuj podle instrukcí o kterých tě bude informovat) a nech ho proběhnout.

#Krok2:
Smaž na disku, pokud tam budou tyto soubory:
C:\5.reg
C:\3.reg
C:\2.reg
C:\4.reg
C:\backup.tmp
C:\avexport.bat
C:\1.reg

#Krok3:
Stáhni si znovu tyto programy, pokud tam nebudou:

- odkazy na jednotlivé programy už tu byly uvedeny
GMER - ulož si ho přímo na disk C
Avenger
Deckard's System Scanner (DSS) - ulož si ho na plochu
System Repair Engineer (SREng)
swreg.exe
Deckard's Association File Tool (DAFT)
AVPTool - AVPTool si stáhni až před instalací.

#Krok4:
Vytvoř si na disku C nový adresář/složku a pojmenuj ho jako: abc (C:\abc)
- rozbal do něj SREng
- zkopíruj tam i soubor daft.exe, který sis stáhl
* přejmenuj v tomto adresáři tyto soubory:
SREngPS.exe na SREngPS.com
a
daft.exe na daft.com

#Krok5:
Zkopíruj si stažený soubor swreg.exe do těchto lokací:
- kořenový adresář systémového disku C:\
- do adresáře/složky: C:\WINDOWS\system32\

#Krok6:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE (nefunguje korektně pod FireFox)

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbptikkc"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mshgm"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"taskman"=-

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg

#Krok7:
- nainstaluj si už stažený AVPTool a nastav si ho podle návodu (adresář instalace nech jak je nastavený přímo programem)
- pak s ním nech zkontrolovat disk a po jeho proběhnutí sem vlož jeho log

#Krok8:
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
command
- otevře se ti okno a tam napiš postupně tyto příkazy zvýrazněné modře:
cd\ (dej <enter>)
swreg null delete HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55} (dej <enter>)
swreg null delete HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211} (dej <enter>)
exit (dej <enter>)
-dej pozor ať opíšeš přesně syntaxi tak jak je napsaná
- mezi Shell a Extensionsje mezera a patří to celé na jeden řádek za sebe, ne jak se to zobrazuje na dvou.

#Krok9:
Spusť soubor Fix.reg, vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

#Krok10:
*případně pokračuj v tomto bodě v okně command*
- jdi do adresáře/složky abc
- Spusť program (SREngPS.com), zvol System Repair
- Na záložce File Associations zatrhni čtvereček před položkou .EXE (měl by být zatrhnutý/vybraný) a pak klikni dole na tlačítko Repair
- Po té spusť znovu DAFT.com a dej Scan
- pokud by vypsal nějakou chybnou asociaci tak před nimi zatrhni ty čtverečky klikni na tlačítko Fix
Pak znovu spusť Scan a po jeho proběhnutí klikni na tlačítko Save Log, ulož si log a dej sem jeho obsah.

#Krok11:
Spusť znovu GMER a dej sem z něho log.

#Krok12:
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře "%userprofile%\plocha\dss.exe" /config
- Otevře se ti okno kde v sekci Main Log zruš všechny zatržené položky a nech zatržené/zatrhni jen tyto dvě (ostatní části nech jak jsou viz. obr.):

• File Associations
  Drivers
  Services
  Files Created/Modified
  Registry Dump

- Pak dole klikni na tlačítko Scan!
Za chvíli se ti objeví log main.txt tak sem vlož jeho obsah (jinak ho najdeš zde: C:\Deckard\System Scanner\main.txt)

******************************************************************************************************************************************

V následujícím příspěvku sem vlož tyto logy/výsledky:
- log z AVPTool
- log z DAFT
- log z GMER
- log z DSS

[štefy]

U kroku3 si mam ty programy stahnout znova nebo ne kdyz uz je mam nainstalovany?

[fredik]

Programy co tam máš nemusíš stahovat znovu, ale po použití T-cleaneru např. DSS na ploše nemáš, soubor swreg.exe nemáš v adresáři (C:\WINDOWS\system32\) atd. Takže programy co odstranil a nemáš je tak si je znovu stáhni. Co ti tam zůstalo tak nemusíš. Pak si rozbal/nahraj jednotlivé programy tam kam bylo napsáno + dopsal jsem ti alternativu pro bod 10 tak se na to mrkni.

[štefy]

DAFT Log saved on 2008-04-04 18:06:07
-----------------------------------------------------------------------
All associations okay!

[štefy]

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-04 18:11:59
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF83970D0]
SSDT sptd.sys ZwEnumerateKey [0xF839CE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF839D1BA]
SSDT sptd.sys ZwOpenKey [0xF83970B0]
SSDT sptd.sys ZwQueryKey [0xF839D292]
SSDT sptd.sys ZwQueryValueKey [0xF839D112]
SSDT sptd.sys ZwSetValueKey [0xF839D324]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F7FEA62C 5 Bytes JMP 82951780
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F7BFD4D0 48 Bytes [ F0, 18, 96, 32, 4B, A8, 46, ... ]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? System32\Drivers\achftlql.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1476] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [ C2, 04, 00, 00 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F83AD886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F83AD832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83CF892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F83AD886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8397AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8397C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8397B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8398748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F839861E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F83ACACA] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 82AD91E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 81F891E8
Device \Driver\usbuhci \Device\USBPDO-0 828F01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82A661E8
Device \Driver\dmio \Device\DmControl\DmConfig 82A661E8
Device \Driver\dmio \Device\DmControl\DmPnP 82A661E8
Device \Driver\dmio \Device\DmControl\DmInfo 82A661E8
Device \Driver\usbuhci \Device\USBPDO-1 828F01E8
Device \Driver\usbuhci \Device\USBPDO-2 828F01E8
Device \Driver\usbuhci \Device\USBPDO-3 828F01E8
Device \Driver\usbehci \Device\USBPDO-4 828C31E8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 82ADB1E8
Device \Driver\atapi \Device\Ide\IdePort0 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8241F430
Device \Driver\NetBT \Device\NetbiosSmb 8241F430
Device \Driver\PCI_NTPNP4304 \Device\0000004e sptd.sys
Device \Driver\PCI_NTPNP4304 \Device\0000004f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 828F01E8
Device \Driver\usbuhci \Device\USBFDO-1 828F01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CDB7F34E-4A5E-4BAA-BF50-CCF50D92FC7F} 8241F430
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 824111E8
Device \Driver\usbuhci \Device\USBFDO-2 828F01E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 824111E8
Device \Driver\usbuhci \Device\USBFDO-3 828F01E8
Device \Driver\usbehci \Device\USBFDO-4 828C31E8
Device \Driver\Ftdisk \Device\FtControl 82ADB1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 828971E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\achftlql \Device\Scsi\achftlql1 828811E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port5Path0Target0Lun0 828971E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 81F891E8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 823F51E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x36 0xD2 0x57 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEB 0xDA 0x87 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -447453770
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1085992225
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEB 0xDA 0x87 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 \0(\0v\0e\0l\0k\0é\0) C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 \0(\0n\0e\0j\0v\0\e\1t\0a\1í\0) C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 1ADEB5A964304E5981E8A04DC4C893228561CE91D3AACA43BA2AB5395EBBE47AC14DE87ED8B36E8158D20A405842A545B2B18AC251B7672CA842B7FC3452666C30D02275CC09B2722EB04835757191D810EC98411FB0A86E3500C4AC248073C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B555D4A6E7A2D71B2083281AF328A123F1F695FEC80F6306BEECE9E82C0E680AB6C4474659C2582F6F7788A0D6C18EB1DEAF88E31430B81923F3A234DA75525D975597E00F7BE51A45BDB95ABEF7A1CD14C162BB86CE3BAFD309C867BC01A3111A43943274A7904F6530D29A4D064A5497362A1617A7D3B03F876F6BBC0B6134AE587D1B8965972665A860DB376E2488461858A44FBC20E5A54B9E49DAB9C5399BE3859DE31BF3DC2F89663AC5F3858DCFF95B3E4D526F7E1C37CF2FA86FBDF8FAB8D462AAEB509304B2D675D51E74ED38EE165AC3F1478B0BB07272CFD96A2E3AAC08B61A4689CCF40E9CF459BAAC175690DD99F8E9DE04AE216A888964A2F79A1AAE08835733F2E807154056581EDA577A7C3B474924431AF60D0B2642EDD833E04DECCA1293521A0D8E04634C6CEC39CEB0A71C6637862F2328BB09690DBAEBE35B9BE62F269A9914D012B0AD6EE851B
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Error Mode 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs wbsys.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_name msxmlg
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_expand drv
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_path C:\WINDOWS\system32\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@reg_name bkfgsbfi
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@reg_id 7237565
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_name wuapckimc
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_expand nls
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@reg_name gkqcp
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@reg_id 7523455
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@start_function WLEntry
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Ultra Edition\`t
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Ultra Edition\`t@Order 0x08 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}@abnplkamdncnpgklkkehbhcmbkjajlmacd 0x61 0x62 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}@bbnplkamdncnpgklkkdhclafidkgmfeimgee 0x61 0x62 0x61 0x70 ...

---- EOF - GMER 1.0.14 ----

[štefy]

Deckard's System Scanner v20071014.68
Run by uživatel on 2008-04-04 18:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.24 GiB (less than 15%) free.


-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - rundll32.exe "C:\WINDOWS\TEMP\wuapckimc.nls" WLEntry %1 %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 adusbmdm6501 (AnyDATA CDMA USB Modem Driver (PID 6501)) - c:\windows\system32\drivers\adusbmdm65.sys <Not Verified; AnyDATA Corporation; AnyDATA CDMA USB Modem/Serial Device Driver>
S3 adusbser6501 (AnyDATA CDMA USB Serial Port (PID 6501)) - c:\windows\system32\drivers\adusbser65.sys <Not Verified; AnyDATA Corporation; AnyDATA CDMA USB Modem/Serial Device Driver>
S3 aswArKrn - c:\docume~1\uivate~1\locals~1\temp\aswarkrn.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; USB World; USB Data Cable>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 IviRegMgr - c:\program files\common files\intervideo\regmgr\iviregmgr.exe
R2 LicCtrlService (LicCtrl Service) - rundll32.exe c:\windows\mmfs.dll,service

S4 NOD32krn (NOD32 Kernel Service) - "c:\program files\nod32\nod32krn.exe" (file missing)


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 18:06:28 761856 --a------ C:\gmer.exe
2008-04-04 15:45:24 278016 --a------ C:\swreg.exe <Not Verified; SteelWerX; SteelWerX Command Line Registry Editor>
2008-04-04 15:39:22 0 d-------- C:\abc
2008-04-04 15:37:58 65568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-25 19:37:25 97104910 --a------ C:\zalreg.reg
2008-03-23 14:21:53 0 d-------- C:\Program Files\SopCast
2008-03-23 12:11:23 0 d-------- C:\reg
2008-03-22 12:36:00 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-21 12:20:28 0 d-------- C:\Program Files\Java
2008-03-21 12:20:26 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 20:43:58 0 d-------- C:\WINDOWS\ERUNT
2008-03-16 19:42:43 0 d-------- C:\Program Files\CCleaner
2008-03-15 14:04:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-15 14:04:00 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2008-04-03 22:16:37 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2008-04-03 21:45:29 0 d-------- C:\Program Files\Torrents
2008-03-30 15:06:32 393414 --a------ C:\WINDOWS\system32\perfh005.dat
2008-03-30 15:06:32 69836 --a------ C:\WINDOWS\system32\perfc005.dat
2008-03-21 12:20:26 0 d-------- C:\Program Files\Common Files
2008-03-21 12:19:47 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Sun
2008-03-21 12:14:31 0 d-------- C:\Program Files\Common Files\InterVideo
2008-03-19 18:36:27 0 d-------- C:\Program Files\Ad-Aware 2007
2008-03-16 17:52:13 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-03-15 14:07:12 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Roxio
2008-03-06 20:48:50 0 d-------- C:\Program Files\Winamp
2008-03-03 18:02:49 0 d-------- C:\Program Files\PeerGuardian2
2008-02-24 10:28:27 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\DMCache
2008-02-23 13:21:54 0 d-------- C:\Program Files\PPMate
2008-02-23 12:45:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 00:46:09 0 d-------- C:\Program Files\SUPER
2008-02-22 23:20:46 0 d-------- C:\Program Files\TVUPlayer
2008-02-21 20:09:50 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Real
2008-02-21 19:00:12 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\TVU Networks
2008-02-21 18:01:41 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\ppStream
2008-02-21 17:49:30 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\PPMate
2008-02-21 17:48:39 0 d-------- C:\Program Files\Common Files\Synacast
2008-02-18 20:21:41 0 d-------- C:\Program Files\Common Files\InstallerA
2008-02-18 20:13:34 0 d-------- C:\Program Files\Gamenext
2008-02-16 20:46:01 0 d-a------ C:\Program Files\Miranda IM
2008-02-05 12:29:06 4046 --a------ C:\WINDOWS\mozver.dat
2008-02-04 21:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll
2008-01-23 19:43:57 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [28.01.2002 14:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [20.03.2006 17:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [20.03.2006 17:34]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20.03.2006 17:34]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20.02.2008 12:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"AVP"="C:\Documents and Settings\All Users\Plocha\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_15-34.exe" [12.10.2007 16:29]
"nqrflhqs"="C:\WINDOWS\TEMP\vgaslbelr.nls WLEntryPoint" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [17.08.2004 15:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 18:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"gmbfi"=rundll32.exe "C:\WINDOWS\system32\cdfkcolkm.sys" WLEntryPoint

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WindowBlinds\wbsrv.dll 20.12.2005 22:57 176128 C:\PROGRA~1\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GPRSpeed Plus Client.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GPRSpeed Plus Client.lnk
backup=C:\WINDOWS\pss\GPRSpeed Plus Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"C:\Program Files\Avast4\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"c:\program files\divx\divx pro codec\gain_trickler_3202.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72c2d0d-4fbc-11db-8aa0-0011098da354}]
AutoRun\command- H:\autorun.exe

*Newly Created Service* - GMER
*Newly Created Service* - SETUP_7.0.0.180_04.04.2008_15-34



-- End of Deckard's System Scanner: finished at 2008-04-04 18:15:11 ------------

[štefy]

Avp log.

[fredik]

#Krok1:
Bude potřeba si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu:
Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod

#Krok2:
Odinstaluj AVPTool

#Krok3:
Po té si stáhni znovu SDFix a AVPTool

#Krok4: - od tohoto kroku by bylo se dobré zase odpojit od internetu.
- použij znovu SDFix v nouzovém režimu a vlož sem pak z něho log.
- nainstaluj zpět AVPTool

#Krok5:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE (nefunguje korektně pod FireFox)

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\rundll32.exe"=-

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fixw.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fixw.reg
Spusť soubor Fixw.reg, vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

#Krok6:
Projeď Pc pomocí AVPTool a po jeho skončení pokračuj znovu kroky 8, 10 ,11 a 12 zmíněné v příspěvku ze dne:
Dub 02, 2008

Vlož sem pak tyto logy.
- SDFix
- log z AVPTool
- log z GMER
- log z DSS

[štefy]

Jak odinstaluju Avp? kdyz dam unintal tak hodi tuhle chybu

[fredik]

Jsou dvě varianty. Buď spustíš program a půjdeš do Settings a tam zrušíš zatržení u volby Enable Self-Defense. Vypneš program a pak ho odinstaluješ jak jsi chtěl.

Jinak původní postup je když spustíš program tak v hlavní okně dole klikni na položku Complete Antivirus Protection a přes ní to odinstaluješ. Jinak to bylo zmíněno na konci návodu

[štefy]

Postupoval sem podle postupu a u každého scanu(sdfix,gmer,dss) hodil počítač tuto chybu nejméně jednou(ale scan se dokončil).
Mam sem dat i tak logy z tech programu?

[štefy]

A ještě na tohle sem zapomněl. Při přihlášení na mě vyskočí tyhle hlášky, ale všechno normálně funguje