prosím o kontrolu logu

Zpráva

strojmir · #1 Příspěvek od **strojmir** » 16 říj 2011 21:48

Avast mě hlásil opakovaně výskyt Rootkitu v souboru C:\WINDOWS\system32\drivers\hardlock. Pokaždé nabídl smazání a následný scan počítače, to nepřineslo řešení. Použil jsem tedy ComboFix a zde je log z něj. Děkuji za posouzení a rady.

ComboFix 11-10-15.04 - user 16.10.2011 10:54:11.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.579 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\documents and settings\user\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\system32\CF29235.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-16 do 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Babylon
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\user\Data aplikací\Babylon
2011-10-09 20:43 . 2011-10-09 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-09 20:23 . 2011-10-09 20:24 -------- d-----w- c:\documents and settings\user\Data aplikací\GetRightToGo
2011-10-02 08:18 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-10-02 08:18 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-10-02 08:15 . 2011-10-02 08:15 -------- d-----w- c:\program files\Microsoft Works
2011-10-02 08:15 . 2011-10-02 08:15 -------- d-----w- c:\program files\MSBuild
2011-10-02 08:13 . 2011-10-02 08:13 -------- d-----w- c:\program files\Microsoft.NET
2011-10-02 08:10 . 2011-10-02 08:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-02 08:09 . 2011-10-02 08:14 -------- d-----w- c:\windows\SHELLNEW
2011-10-02 08:08 . 2011-10-02 08:08 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Microsoft Help
2011-10-02 08:08 . 2011-10-08 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-10-02 08:07 . 2011-10-02 08:07 -------- d-----r- C:\MSOCache
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\user\Data aplikací\ATI
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ATI
2011-09-22 23:55 . 2011-09-22 23:55 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-22 23:52 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-09-22 23:52 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-09-22 23:52 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-09-22 23:52 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-09-22 23:52 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-09-22 23:52 . 2011-09-22 23:52 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-09-22 23:52 . 2011-09-22 23:52 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-09-22 23:52 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-09-22 23:51 . 2011-09-22 23:54 -------- d-----w- c:\program files\ATI Technologies
2011-09-22 23:49 . 2011-09-22 23:49 -------- d-----w- C:\ATI
2011-09-22 22:50 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2011-09-22 22:50 . 2004-08-17 13:49 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2011-09-22 22:50 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2011-09-22 22:50 . 2004-08-17 13:49 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2011-09-22 22:50 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-09-22 22:50 . 2004-08-17 13:43 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2011-09-22 22:50 . 2004-08-17 13:49 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2011-09-22 22:50 . 2004-08-17 13:49 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2011-09-22 22:50 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2011-09-22 22:50 . 2004-08-17 13:49 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2011-09-22 22:50 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2011-09-22 22:50 . 2004-08-17 13:49 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2011-09-22 20:52 . 2011-09-22 20:52 -------- d-----w- c:\program files\Intel
2011-09-22 20:51 . 2004-08-03 20:59 95360 ----a-w- c:\windows\system32\drivers\SET32.tmp
2011-09-22 20:48 . 2011-09-22 20:48 -------- d-----w- C:\PNP
2011-09-22 20:10 . 2004-08-03 21:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2011-09-22 20:10 . 2004-08-03 21:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2011-09-22 20:10 . 2004-08-17 13:44 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-09-22 20:10 . 2004-08-17 13:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-09-22 20:10 . 2004-08-03 21:08 20480 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2011-09-22 20:10 . 2004-08-03 21:08 20480 ----a-w- c:\windows\system32\drivers\usbuhci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 19:36 . 2011-05-30 21:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-10-07 22:42 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-10-07 22:42 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-19 20:48 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-10-07 22:42 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-10-07 22:42 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-10-07 22:42 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-10-07 22:42 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-10-07 22:42 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-10-07 22:42 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-10-07 22:42 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-25 20:04 . 2009-02-21 17:22 824042 ----a-w- c:\documents and settings\user\Data aplikací\mdbu.bin
2008-01-12 10:57 . 2008-01-12 10:56 6583976 ----a-w- c:\program files\Opera_9.25_International_Setup.exe
2004-11-08 15:39 . 2009-04-09 12:07 65952 ----a-w- c:\program files\ttdvblcd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-01-17 175912]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-01-17 175912]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-01-17 175912]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-01 4112384]
"nwiz"="nwiz.exe" [2004-07-01 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-01 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-27 113664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hauppauge\\WinTV NOVA\\DVB-TV.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\gamese\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Hauppauge\\WinTV NOVA\\DVBData.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"f:\\Blitzkrieg Anthology\\BK\\game.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [16.2.2007 23:11 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [16.2.2007 23:11 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.6.2011 22:48 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.10.2010 0:42 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.10.2010 0:42 20568]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 CX88IR;Conexant 2388x IR Decoder;c:\windows\system32\drivers\cx88ir.sys [26.9.2005 16:08 10368]
S2 CX88XBAR;Conexant 2388x Crossbar;c:\windows\system32\drivers\cx88xbar.sys [26.9.2005 16:09 6528]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 13:54 135664]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys --> c:\windows\system32\Drivers\p1c1394.sys [?]
S3 ADM8211;corega WLPCIB-11;c:\windows\system32\drivers\COWPCIB5.sys [23.10.2005 18:51 84992]
S3 CXAVSAUD;Conexant 2388x AvStream Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [26.9.2005 16:07 8320]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 13:54 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [29.7.2007 11:14 15670]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [31.7.2011 20:24 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [31.7.2011 20:24 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [31.7.2011 20:24 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [31.7.2011 20:24 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [31.7.2011 20:24 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [31.7.2011 20:24 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [31.7.2011 20:24 123504]
S3 TTDVBLCD;TechnoTrend DVB PCI budget Driver;c:\windows\system32\drivers\ttdvblcd.sys [11.10.2005 21:24 65952]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:54]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101433&mntrId=c8c0618e000000000000001109769f60
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: Interfaces\{092B6781-51F5-46E1-AD4E-53519D34694F}: NameServer = 10.102.177.129,10.102.1.1
TCP: Interfaces\{D53F8F48-4E0C-4A0C-BFDA-349107E1EEB2}: NameServer = 10.102.0.252,10.102.0.253
TCP: Interfaces\{F90B2F85-CCD4-453E-A220-6D87A3286DD8}: NameServer = 10.102.0.252,10.102.0.253
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Hauppauge Digital Teletext - c:\program files\Hauppauge\Digital Teletext\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 11:05
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-10-16 11:11:28
ComboFix-quarantined-files.txt 2011-10-16 09:11
.
Před spuštěním: 8 107 552 768
Po spuštění: Volných bajtů: 11 266 293 760
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3E141D8F19AF5877757FFCDE57D9BFEE

#2 Příspěvek od **Rudy** » 16 říj 2011 22:08

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\program files\BS_Player\prxtbBS_2.dll

Folder::
c:\program files\Winamp Toolbar

FCopy::
c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKLM\Software\Microsoft\Internet Explorer\Main]
"Start Page"=

Uložte na plochu jako CFScript.txt. Pak jej maší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

strojmir · #3 Příspěvek od **strojmir** » 17 říj 2011 09:14

Děkuji za podporu. Vykonáno dle rady. Jen mě překvapilo, že ač předtím po prvním scanu AVAST nic nehlásil, po tomto dočištění ihned jakmile jsem jej zapnul opět vyskočila hláška o rootkitu ve stejném souboru. Pro jistotu vkládám log z následujícího scanu CF

ComboFix 11-10-16.02 - user 17.10.2011 1:19.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.668 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\program files\BS_Player\prxtbBS_2.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
.
.
--------------- FCopy ---------------
.
c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-16 do 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Babylon
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\user\Data aplikací\Babylon
2011-10-09 20:43 . 2011-10-09 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-09 20:23 . 2011-10-09 20:24 -------- d-----w- c:\documents and settings\user\Data aplikací\GetRightToGo
2011-10-02 08:18 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-10-02 08:18 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-10-02 08:15 . 2011-10-02 08:15 -------- d-----w- c:\program files\Microsoft Works
2011-10-02 08:15 . 2011-10-02 08:15 -------- d-----w- c:\program files\MSBuild
2011-10-02 08:13 . 2011-10-02 08:13 -------- d-----w- c:\program files\Microsoft.NET
2011-10-02 08:10 . 2011-10-02 08:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-02 08:09 . 2011-10-02 08:14 -------- d-----w- c:\windows\SHELLNEW
2011-10-02 08:08 . 2011-10-02 08:08 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Microsoft Help
2011-10-02 08:08 . 2011-10-08 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-10-02 08:07 . 2011-10-02 08:07 -------- d-----r- C:\MSOCache
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\user\Data aplikací\ATI
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ATI
2011-09-22 23:55 . 2011-09-22 23:55 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-22 23:52 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-09-22 23:52 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-09-22 23:52 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-09-22 23:52 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-09-22 23:52 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-09-22 23:52 . 2011-09-22 23:52 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-09-22 23:52 . 2011-09-22 23:52 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-09-22 23:52 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-09-22 23:51 . 2011-09-22 23:54 -------- d-----w- c:\program files\ATI Technologies
2011-09-22 23:49 . 2011-09-22 23:49 -------- d-----w- C:\ATI
2011-09-22 22:50 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2011-09-22 22:50 . 2004-08-17 13:49 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2011-09-22 22:50 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2011-09-22 22:50 . 2004-08-17 13:49 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2011-09-22 22:50 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-09-22 22:50 . 2004-08-17 13:43 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2011-09-22 22:50 . 2004-08-17 13:49 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2011-09-22 22:50 . 2004-08-17 13:49 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2011-09-22 22:50 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2011-09-22 22:50 . 2004-08-17 13:49 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2011-09-22 22:50 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2011-09-22 22:50 . 2004-08-17 13:49 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2011-09-22 20:52 . 2011-09-22 20:52 -------- d-----w- c:\program files\Intel
2011-09-22 20:51 . 2004-08-03 20:59 95360 ----a-w- c:\windows\system32\drivers\SET32.tmp
2011-09-22 20:48 . 2011-09-22 20:48 -------- d-----w- C:\PNP
2011-09-22 20:10 . 2004-08-03 21:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2011-09-22 20:10 . 2004-08-03 21:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2011-09-22 20:10 . 2004-08-17 13:44 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-09-22 20:10 . 2004-08-17 13:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-09-22 20:10 . 2004-08-03 21:08 20480 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2011-09-22 20:10 . 2004-08-03 21:08 20480 ----a-w- c:\windows\system32\drivers\usbuhci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 19:36 . 2011-05-30 21:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-10-07 22:42 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-10-07 22:42 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-19 20:48 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-10-07 22:42 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-10-07 22:42 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-10-07 22:42 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-10-07 22:42 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-10-07 22:42 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-10-07 22:42 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-10-07 22:42 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-25 20:04 . 2009-02-21 17:22 824042 ----a-w- c:\documents and settings\user\Data aplikací\mdbu.bin
2008-01-12 10:57 . 2008-01-12 10:56 6583976 ----a-w- c:\program files\Opera_9.25_International_Setup.exe
2004-11-08 15:39 . 2009-04-09 12:07 65952 ----a-w- c:\program files\ttdvblcd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-10-16_09.05.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-16 23:33 . 2011-10-16 23:33 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17353352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-01 4112384]
"nwiz"="nwiz.exe" [2004-07-01 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-01 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-27 113664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hauppauge\\WinTV NOVA\\DVB-TV.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\gamese\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Hauppauge\\WinTV NOVA\\DVBData.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"f:\\Blitzkrieg Anthology\\BK\\game.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [16.2.2007 23:11 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [16.2.2007 23:11 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.6.2011 22:48 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.10.2010 0:42 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.10.2010 0:42 20568]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 CX88IR;Conexant 2388x IR Decoder;c:\windows\system32\drivers\cx88ir.sys [26.9.2005 16:08 10368]
S2 CX88XBAR;Conexant 2388x Crossbar;c:\windows\system32\drivers\cx88xbar.sys [26.9.2005 16:09 6528]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 13:54 135664]
S2 OMSCAN;OMSCAN;\SysČ --> \SysČ [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys --> c:\windows\system32\Drivers\p1c1394.sys [?]
S3 ADM8211;corega WLPCIB-11;c:\windows\system32\drivers\COWPCIB5.sys [23.10.2005 18:51 84992]
S3 CXAVSAUD;Conexant 2388x AvStream Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [26.9.2005 16:07 8320]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 13:54 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [29.7.2007 11:14 15670]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [31.7.2011 20:24 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [31.7.2011 20:24 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [31.7.2011 20:24 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [31.7.2011 20:24 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [31.7.2011 20:24 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [31.7.2011 20:24 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [31.7.2011 20:24 123504]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [31.7.2011 20:24 155344]
S3 TTDVBLCD;TechnoTrend DVB PCI budget Driver;c:\windows\system32\drivers\ttdvblcd.sys [11.10.2005 21:24 65952]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:54]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101433&mntrId=c8c0618e000000000000001109769f60
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: Interfaces\{092B6781-51F5-46E1-AD4E-53519D34694F}: NameServer = 10.102.177.129,10.102.1.1
TCP: Interfaces\{D53F8F48-4E0C-4A0C-BFDA-349107E1EEB2}: NameServer = 10.102.0.252,10.102.0.253
TCP: Interfaces\{F90B2F85-CCD4-453E-A220-6D87A3286DD8}: NameServer = 10.102.0.252,10.102.0.253
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 01:34
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\devldr32.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-10-17 01:39:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-16 23:39
ComboFix2.txt 2011-10-16 09:11
.
Před spuštěním: Volných bajtů: 11 200 016 384
Po spuštění: Volných bajtů: 11 198 828 544
.
- - End Of File - - CC85228AB5C8F816F3CFBBE8AAFD4A62
Nahr nˇ probŘhlo ŁspŘçnŘ

#4 Příspěvek od **Rudy** » 17 říj 2011 16:59

Stáhněte MBR: http://www2.gmer.net/mbr/mbr.exe a uložte na plochu. Pak přes Start>spustit>(napsat)>"%userprofile%\plocha\mbr -t -s MBR spusťte. Utilita vytvoří krátký log, který sem vložte.

strojmir · #5 Příspěvek od **strojmir** » 18 říj 2011 10:31

Rád bych, ale nejde mi takto spustit, na ploše ale je a funkční

Nemůže ho nalézt. Zkusil jsem i napsat celou cestu, ale to samé...

#6 Příspěvek od **Rudy** » 18 říj 2011 17:45

Zkuste ho spustit standardně dvouklikem.

strojmir · #7 Příspěvek od **strojmir** » 19 říj 2011 17:13

Aha, to jsem už měl a chtěl sem dát hned, ale jsem myslel že je tam v tom řádku ještě nějaký doplňující příkaz. Takže z normálního spuštění je výsledek tento :

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLAT20 rev.PF2OA21B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8 Příspěvek od **Rudy** » 19 říj 2011 17:59

Toto je OK, ale jedna věc v logu ComboFix se mi nelíbí. Zkuste ještě GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 . Dejte oba logy.

strojmir · #9 Příspěvek od **strojmir** » 20 říj 2011 09:16

1 log z GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-19 22:30:16
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HDS728080PLAT20 rev.PF2OA21B
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\uwtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBA4C3D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBA4C3BC5]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA5439A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 86BBD528
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86BBD528
Device \Driver\atapi \Device\Ide\IdePort1 86BBD528
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86BBD528
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 86BBD528
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 86B70308
Device \Driver\a347scsi \Device\Scsi\a347scsi1 86B70308
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86F86268

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 86DF4B90

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Modules - GMER 1.0.15 ----

Module _________ F7589000-F75A1000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

strojmir · #10 Příspěvek od **strojmir** » 20 říj 2011 09:21

2log z GMER 1 část

MER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-20 06:29:49
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HDS728080PLAT20 rev.PF2OA21B
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\uwtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xBA49F374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBA52E2B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xBA4C3829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xBA4A1996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xBA4A19EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xBA4A1B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xBA4C31DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xBA4A18EC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF7626B00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xBA4A1A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xBA4A1940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xBA4A1AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xBA49F398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xBA4C3EEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xBA4C41A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xBA4A1D88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBA4C3D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBA4C3BC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBA52E368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xBA49F162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xBA49F3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xBA4A1EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xBA49FE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xBA4A19C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xBA4A1A16]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF7626B40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xBA4A1B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xBA4C3539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xBA4A1918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xBA4A1BC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xBA4A1A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xBA4A196E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xBA4A1CA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xBA4A1ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBA52E400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xBA4C3A40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xBA49FD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xBA4C3892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBA5366E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xBA4C2850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xBA49F3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xBA49F404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xBA49F1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xBA49F2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xBA4C3FF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xBA49F2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xBA49F31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xBA49F428]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B7F6D16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B7F6CFC2

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA5439A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 217 804E2EE8 16 Bytes [C6, 19, 4A, BA, 16, 1A, 4A, ...]
PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP BA540E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056A5DC 4 Bytes CALL BA4A04AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP BA5439AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP BA53F3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF680F000, 0x1C5D38, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP BA4A2E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP BA4A2D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP BA4A20DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP BA4A2FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP BA4A31BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP BA4A2016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP BA4A21E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP BA4A2CC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP BA4A2EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP BA4A2326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP BA4A24CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP BA4A1FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP BA4A3118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP BA4A24A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP BA4A1F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP BA4A2D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP BA4A214A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP BA4A2254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP BA4A228E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP BA4A2096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP BA4A21AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP BA4A25E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP BA4A3070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB790E400, 0x4F80E, 0xE0000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB7978620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB7978620]
.protect˙˙˙˙hardlockunknown last code section [0xB7978400, 0x54C8, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB7978400, 0x54C8, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\ctfmon.exe[200] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00380600
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[244] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003F01F8
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003F03FC
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003F0804
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003F0A08
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003F0600
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 004D1014
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 004D0804
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 004D0A08
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 004D0C0C
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 004D0E10
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 004D01F8
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 004D03FC
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe[300] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 004D0600
.text C:\WINDOWS\System32\smss.exe[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[688] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[688] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[688] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\Explorer.EXE[688] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\WINDOWS\Explorer.EXE[688] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\WINDOWS\Explorer.EXE[688] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[688] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\WINDOWS\Explorer.EXE[688] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\WINDOWS\Explorer.EXE[688] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[840] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[840] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[840] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[840] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[840] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[840] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[840] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600

strojmir · #11 Příspěvek od **strojmir** » 20 říj 2011 09:23

2 log z GMER 2část

.text C:\WINDOWS\system32\devldr32.exe[884] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\devldr32.exe[884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\devldr32.exe[884] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\devldr32.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\devldr32.exe[884] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\devldr32.exe[884] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\devldr32.exe[884] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\devldr32.exe[884] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\devldr32.exe[884] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\devldr32.exe[884] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[992] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[992] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1344] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1360] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Winamp\winampa.exe[1368] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000801F8
.text C:\Program Files\Winamp\winampa.exe[1368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Winamp\winampa.exe[1368] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000803FC
.text C:\Program Files\Winamp\winampa.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Winamp\winampa.exe[1368] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\Program Files\Winamp\winampa.exe[1368] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\Program Files\Winamp\winampa.exe[1368] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\Program Files\Winamp\winampa.exe[1368] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\Program Files\Winamp\winampa.exe[1368] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00321014
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00320804
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00320A08
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00320C0C
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00320E10
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003201F8
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003203FC
.text C:\Program Files\Winamp\winampa.exe[1368] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1504] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003F01F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003F03FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003F0804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003F0A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003F0600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00411014
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00410804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00410A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00410C0C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00410E10
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 004101F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 004103FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1524] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00410600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1776] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]

strojmir · #12 Příspěvek od **strojmir** » 20 říj 2011 09:25

2 log z GMER 3 část

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 004C28D0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!SetWindowRgn + 2BD 77D4209D 7 Bytes JMP 004C2780 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 005101F8
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 005103FC
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00510804
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00510A08
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!SetClipboardData + 259 77D60169 7 Bytes JMP 004C28B0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00510600
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!MessageBoxA + 49 77D70554 7 Bytes JMP 004C29A0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!MessageBoxExW + 1F 77D70578 7 Bytes JMP 004C29F0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] USER32.dll!MessageBoxTimeoutA + CA 77D860B2 7 Bytes JMP 004C2920 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00521014
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00520804
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00520A08
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00520C0C
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00520E10
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 005201F8
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 005203FC
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1808] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00520600
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Skype\Phone\Skype.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[1920] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 029401F8
.text C:\Program Files\Skype\Phone\Skype.exe[1920] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 029403FC
.text C:\Program Files\Skype\Phone\Skype.exe[1920] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 02940804
.text C:\Program Files\Skype\Phone\Skype.exe[1920] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 02940A08
.text C:\Program Files\Skype\Phone\Skype.exe[1920] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 02940600
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 02931014
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 02930804
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 02930A08
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 02930C0C
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 02930E10
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 029301F8
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 029303FC
.text C:\Program Files\Skype\Phone\Skype.exe[1920] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 02930600
.text C:\WINDOWS\system32\spoolsv.exe[1964] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[2596] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2596] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2596] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3280] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3280] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3704] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88]
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00AC03FC
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00AC0804
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00AC0A08
.text C:\Documents and Settings\user\Plocha\gmer.exe[3920] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00AC0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86F86268

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 86DF4B90
Device \FileSystem\Udfs \UdfsCdRom 86F63228
Device \FileSystem\Udfs \UdfsDisk 86F63228

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Cdrom \Device\CdRom0 86BB96E8
Device \FileSystem\Rdbss \Device\FsWrap 8661CB70
Device \Driver\atapi \Device\Ide\IdePort0 86BBD528
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86BBD528
Device \Driver\atapi \Device\Ide\IdePort1 86BBD528
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86BBD528
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 86BBD528
Device \Driver\Cdrom \Device\CdRom1 86BB96E8
Device \FileSystem\Srv \Device\LanmanServer 86BA6780

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B92A90
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B92A90
Device \FileSystem\Npfs \Device\NamedPipe 86B42AF0
Device \FileSystem\Msfs \Device\Mailslot 86CB1178
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 86B70308
Device \Driver\a347scsi \Device\Scsi\a347scsi1 86B70308
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 86DF4B90

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86B44530
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86B44530
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86B44530
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86B44530
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86B44530
Device \FileSystem\Cdfs \Cdfs B7848400
Device \FileSystem\Cdfs \Cdfs 86CBD760

---- Modules - GMER 1.0.15 ----

Module _________ F7589000-F75A1000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- EOF - GMER 1.0.15 ----

#13 Příspěvek od **Rudy** » 20 říj 2011 17:31

Ani zde nic nevidím. Pak nechápu tento zápis ComboFixu.

2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys

Zašlu vám ten soubor a vy ho pomocí CF překopírujete do příslušného adresáře. Soubor stáhněte a rozbalte na plochu. Pak spusťte CF tímto skriptem:

FCopy::
c:\documents and settings\user\Plocha\atapi.sys | c:\windows\system32\drivers\atapi.sys

atapi.rar: (44.64 KiB) Staženo 34 x

strojmir · #14 Příspěvek od **strojmir** » 21 říj 2011 20:10

Soubor nahrazen, zde je log z CF

ComboFix 11-10-21.03 - user 21.10.2011 20:45:24.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.461 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Plocha\Setup.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\d3d9caps.dat
.
.
--------------- FCopy ---------------
.
c:\documents and settings\user\Plocha\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-21 do 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Babylon
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-10-09 20:44 . 2011-10-09 20:44 -------- d-----w- c:\documents and settings\user\Data aplikací\Babylon
2011-10-09 20:43 . 2011-10-09 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-09 20:23 . 2011-10-09 20:24 -------- d-----w- c:\documents and settings\user\Data aplikací\GetRightToGo
2011-10-02 08:18 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-10-02 08:18 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-10-02 08:15 . 2011-10-02 08:15 -------- d-----w- c:\program files\Microsoft Works
2011-10-02 08:15 . 2011-10-02 08:15 -------- d-----w- c:\program files\MSBuild
2011-10-02 08:13 . 2011-10-02 08:13 -------- d-----w- c:\program files\Microsoft.NET
2011-10-02 08:10 . 2011-10-02 08:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-02 08:09 . 2011-10-02 08:14 -------- d-----w- c:\windows\SHELLNEW
2011-10-02 08:08 . 2011-10-02 08:08 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Microsoft Help
2011-10-02 08:08 . 2011-10-08 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-10-02 08:07 . 2011-10-02 08:07 -------- d-----r- C:\MSOCache
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\user\Data aplikací\ATI
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-09-22 23:56 . 2011-09-22 23:56 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ATI
2011-09-22 23:55 . 2011-09-22 23:55 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-22 23:52 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-09-22 23:52 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-09-22 23:52 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-09-22 23:52 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-09-22 23:52 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-09-22 23:52 . 2011-09-22 23:52 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-09-22 23:52 . 2011-09-22 23:52 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-09-22 23:52 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-09-22 23:51 . 2011-09-22 23:54 -------- d-----w- c:\program files\ATI Technologies
2011-09-22 23:49 . 2011-09-22 23:49 -------- d-----w- C:\ATI
2011-09-22 22:50 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2011-09-22 22:50 . 2004-08-17 13:49 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2011-09-22 22:50 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2011-09-22 22:50 . 2004-08-17 13:49 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2011-09-22 22:50 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-09-22 22:50 . 2004-08-17 13:43 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2011-09-22 22:50 . 2004-08-17 13:49 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2011-09-22 22:50 . 2004-08-17 13:49 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2011-09-22 22:50 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2011-09-22 22:50 . 2004-08-17 13:49 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2011-09-22 22:50 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2011-09-22 22:50 . 2004-08-17 13:49 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2011-09-22 20:52 . 2011-09-22 20:52 -------- d-----w- c:\program files\Intel
2011-09-22 20:51 . 2004-08-03 20:59 95360 ----a-w- c:\windows\system32\drivers\SET32.tmp
2011-09-22 20:48 . 2011-09-22 20:48 -------- d-----w- C:\PNP
2011-09-22 20:10 . 2004-08-03 21:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2011-09-22 20:10 . 2004-08-03 21:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2011-09-22 20:10 . 2004-08-17 13:44 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-09-22 20:10 . 2004-08-17 13:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-09-22 20:10 . 2004-08-03 21:08 20480 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2011-09-22 20:10 . 2004-08-03 21:08 20480 ----a-w- c:\windows\system32\drivers\usbuhci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 19:36 . 2011-05-30 21:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-10-07 22:42 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-10-07 22:42 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-19 20:48 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-10-07 22:42 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-10-07 22:42 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-10-07 22:42 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-10-07 22:42 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-10-07 22:42 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-10-07 22:42 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-10-07 22:42 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-25 20:04 . 2009-02-21 17:22 824042 ----a-w- c:\documents and settings\user\Data aplikací\mdbu.bin
2008-01-12 10:57 . 2008-01-12 10:56 6583976 ----a-w- c:\program files\Opera_9.25_International_Setup.exe
2004-11-08 15:39 . 2009-04-09 12:07 65952 ----a-w- c:\program files\ttdvblcd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-16_09.05.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-21 06:22 . 2011-10-21 06:22 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-01 4112384]
"nwiz"="nwiz.exe" [2004-07-01 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-01 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-27 113664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hauppauge\\WinTV NOVA\\DVB-TV.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\gamese\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Hauppauge\\WinTV NOVA\\DVBData.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"f:\\Blitzkrieg Anthology\\BK\\game.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [16.2.2007 23:11 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [16.2.2007 23:11 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.6.2011 22:48 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.10.2010 0:42 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.10.2010 0:42 20568]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 CX88IR;Conexant 2388x IR Decoder;c:\windows\system32\drivers\cx88ir.sys [26.9.2005 16:08 10368]
S2 CX88XBAR;Conexant 2388x Crossbar;c:\windows\system32\drivers\cx88xbar.sys [26.9.2005 16:09 6528]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 13:54 135664]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys --> c:\windows\system32\Drivers\p1c1394.sys [?]
S3 ADM8211;corega WLPCIB-11;c:\windows\system32\drivers\COWPCIB5.sys [23.10.2005 18:51 84992]
S3 CXAVSAUD;Conexant 2388x AvStream Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [26.9.2005 16:07 8320]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 13:54 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [29.7.2007 11:14 15670]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [31.7.2011 20:24 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [31.7.2011 20:24 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [31.7.2011 20:24 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [31.7.2011 20:24 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [31.7.2011 20:24 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [31.7.2011 20:24 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [31.7.2011 20:24 123504]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [31.7.2011 20:24 155344]
S3 TTDVBLCD;TechnoTrend DVB PCI budget Driver;c:\windows\system32\drivers\ttdvblcd.sys [11.10.2005 21:24 65952]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:54]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101433&mntrId=c8c0618e000000000000001109769f60
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: Interfaces\{092B6781-51F5-46E1-AD4E-53519D34694F}: NameServer = 10.102.177.129,10.102.1.1
TCP: Interfaces\{D53F8F48-4E0C-4A0C-BFDA-349107E1EEB2}: NameServer = 10.102.0.252,10.102.0.253
TCP: Interfaces\{F90B2F85-CCD4-453E-A220-6D87A3286DD8}: NameServer = 10.102.0.252,10.102.0.253
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 20:59
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-10-21 21:05:03
ComboFix-quarantined-files.txt 2011-10-21 19:04
ComboFix2.txt 2011-10-16 23:40
ComboFix3.txt 2011-10-16 09:11
.
Před spuštěním: 6 339 117 056
Po spuštění: 6 431 657 984
.
- - End Of File - - AC0E8E5198A72824BD5619E690CB42B7

#15 Příspěvek od **Rudy** » 21 říj 2011 20:16

Log již vypadá čistý. Nastala nějaká změna?

VIRY.CZ

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu