
please check - browser opens by itself

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#31 Post by djmirente »

here is the log from AVP Tool
Autoscan: stopped 5 hours ago (events: 2, objects: 0, time: 00:00:03)
23. 3. 2010 17:36:09 Task started
23. 3. 2010 17:36:12 Task stopped
Autoscan: completed 6 minutes ago (events: 83, objects: 399951, time: 01:49:44)
23. 3. 2010 17:36:17 Task started
23. 3. 2010 17:36:36 Task stopped
23. 3. 2010 17:36:41 Task started
23. 3. 2010 18:22:47 Detected: Trojan-Dropper.Win32.Agent.bkhq C:\Qoobox\Quarantine\C\Users\Dj Mirente\AppData\Roaming\cowboy.exe.vir
23. 3. 2010 18:22:48 Detected: Worm.Win32.VB.fi C:\Qoobox\Quarantine\D\autorun.inf.vir
23. 3. 2010 18:22:48 Detected: Rootkit.Win32.Tdss.ai C:\Qoobox\Quarantine\C\Windows\System32\drivers\nvstor.sys.vir
23. 3. 2010 18:22:51 Disinfected: Rootkit.Win32.Tdss.ai C:\Qoobox\Quarantine\C\Windows\System32\drivers\nvstor.sys.vir
23. 3. 2010 18:22:52 Disinfected: Rootkit.Win32.Tdss.ai C:\Qoobox\Quarantine\C\Windows\System32\drivers\nvstor.sys.vir
23. 3. 2010 18:22:52 Detected: Worm.Win32.VB.fi C:\Qoobox\Quarantine\E\autorun.inf.vir
23. 3. 2010 18:23:04 Deleted: Worm.Win32.VB.fi C:\Qoobox\Quarantine\D\autorun.inf.vir
23. 3. 2010 18:23:04 Deleted: Worm.Win32.VB.fi C:\Qoobox\Quarantine\E\autorun.inf.vir
23. 3. 2010 18:23:26 Deleted: Trojan-Dropper.Win32.Agent.bkhq C:\Qoobox\Quarantine\C\Users\Dj Mirente\AppData\Roaming\cowboy.exe.vir
23. 3. 2010 20:44:59 Task stopped
23. 3. 2010 20:45:35 Task started
23. 3. 2010 21:15:05 Detected: Trojan.Win32.Agent.wmy D:\software\Hack\Shadylog-Keylogger\logger_tray.exe
23. 3. 2010 21:15:05 Detected: Trojan.Win32.Agent.vvl D:\software\Hack\Shadylog-Keylogger\logger_tray_deb.exe
23. 3. 2010 21:15:32 Deleted: Trojan.Win32.Agent.vvl D:\software\Hack\Shadylog-Keylogger\logger_tray_deb.exe
23. 3. 2010 21:15:54 Deleted: Trojan.Win32.Agent.wmy D:\software\Hack\Shadylog-Keylogger\logger_tray.exe
23. 3. 2010 21:28:31 Detected: Trojan-Dropper.Win32.StartPage.co D:\software\Software\Icq Haluze\Black Glas_mc.exe/PE_Patch.UPX/UPX
23. 3. 2010 21:28:58 Detected: Trojan.Win32.StartPage.hlr D:\software\Software\Icq Haluze\Ganja Skin_mc.exe/PE_Patch.UPX/UPX/data0000.res/data0011.res
23. 3. 2010 21:29:26 Deleted: Trojan.Win32.StartPage.hlr D:\software\Software\Icq Haluze\Ganja Skin_mc.exe
23. 3. 2010 21:29:35 Deleted: Trojan-Dropper.Win32.StartPage.co D:\software\Software\Icq Haluze\Black Glas_mc.exe
23. 3. 2010 21:29:35 Detected: HackTool.Win32.ICQPass.aw D:\software\Software\Icq Haluze\ICQ Ignore Checker.exe
23. 3. 2010 21:29:40 Deleted: HackTool.Win32.ICQPass.aw D:\software\Software\Icq Haluze\ICQ Ignore Checker.exe
23. 3. 2010 21:29:40 Detected: HackTool.Win32.ICQPass.av D:\software\Software\Icq Haluze\ICQ Status Checker.exe
23. 3. 2010 21:29:45 Deleted: HackTool.Win32.ICQPass.av D:\software\Software\Icq Haluze\ICQ Status Checker.exe
23. 3. 2010 21:29:47 Detected: Backdoor.Win32.Shark.giz D:\software\Software\Icq Haluze\ICQAwayReader.exe/ASPack
23. 3. 2010 21:30:06 Deleted: Backdoor.Win32.Shark.giz D:\software\Software\Icq Haluze\ICQAwayReader.exe
23. 3. 2010 21:30:14 Detected: Trojan-Dropper.Win32.StartPage.et D:\software\Software\Icq Haluze\Vista Skin_mc.exe/PE_Patch.UPX/UPX
23. 3. 2010 21:30:14 Detected: Trojan-Dropper.Win32.StartPage.is D:\software\Software\Icq Haluze\Vista Skin v3 NEW_mc.exe/PE_Patch.UPX/UPX
23. 3. 2010 21:30:15 Deleted: Trojan-Dropper.Win32.StartPage.is D:\software\Software\Icq Haluze\Vista Skin v3 NEW_mc.exe
23. 3. 2010 21:30:15 Deleted: Trojan-Dropper.Win32.StartPage.et D:\software\Software\Icq Haluze\Vista Skin_mc.exe
23. 3. 2010 21:30:17 Detected: Trojan.Win32.StartPage.hlr D:\software\Software\Icq Haluze\White elegant_mc.exe/PE_Patch.UPX/UPX/data0000.res/data0011.res
23. 3. 2010 21:30:24 Deleted: Trojan.Win32.StartPage.hlr D:\software\Software\Icq Haluze\White elegant_mc.exe
23. 3. 2010 21:30:51 Detected: Trojan.Win32.VB.qmb D:\software\Software\PowerDVD_Ultra_9.0.1501\PowerDVD Ultra 9.0.1501\CyberLink_PowerDVD9_Ultra.exe/data0002
23. 3. 2010 21:48:50 Deleted: Trojan.Win32.VB.qmb D:\software\Software\PowerDVD_Ultra_9.0.1501\PowerDVD Ultra 9.0.1501\CyberLink_PowerDVD9_Ultra.exe
23. 3. 2010 21:50:17 Detected: Worm.Win32.VB.fi D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045879.inf
23. 3. 2010 21:50:17 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP102\A0045975.inf
23. 3. 2010 21:50:17 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP103\A0046047.inf
23. 3. 2010 21:50:32 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP102\A0045975.inf
23. 3. 2010 21:50:32 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP103\A0046104.inf
23. 3. 2010 21:50:32 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP103\A0046047.inf
23. 3. 2010 21:50:32 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP103\A0046104.inf
23. 3. 2010 21:50:32 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP104\A0046235.inf
23. 3. 2010 21:50:32 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP104\A0046235.inf
23. 3. 2010 21:50:33 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046336.inf
23. 3. 2010 21:50:33 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046410.inf
23. 3. 2010 21:50:33 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046336.inf
23. 3. 2010 21:50:33 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046442.inf
23. 3. 2010 21:50:33 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046410.inf
23. 3. 2010 21:50:33 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046442.inf
23. 3. 2010 21:50:33 Detected: Worm.Win32.AutoRun.ets D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046478.inf
23. 3. 2010 21:50:33 Deleted: Worm.Win32.AutoRun.ets D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046478.inf
23. 3. 2010 21:50:33 Detected: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046563.cmd
23. 3. 2010 21:50:33 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046565.inf
23. 3. 2010 21:50:34 Deleted: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046563.cmd
23. 3. 2010 21:50:34 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046565.inf
23. 3. 2010 21:50:34 Detected: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046813.cmd
23. 3. 2010 21:50:34 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046814.inf
23. 3. 2010 21:50:34 Deleted: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046813.cmd
23. 3. 2010 21:50:35 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046814.inf
23. 3. 2010 21:50:35 Detected: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046837.cmd
23. 3. 2010 21:50:35 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046838.inf
23. 3. 2010 21:50:36 Deleted: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046837.cmd
23. 3. 2010 21:50:36 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046838.inf
23. 3. 2010 21:50:36 Detected: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046913.cmd
23. 3. 2010 21:50:36 Detected: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046915.inf
23. 3. 2010 21:50:37 Deleted: Trojan-Dropper.Win32.Agent.afdh D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046913.cmd
23. 3. 2010 21:50:38 Deleted: Worm.Win32.AutoRun.rja D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046915.inf
23. 3. 2010 21:50:39 Detected: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP108\A0046952.inf
23. 3. 2010 21:50:40 Deleted: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP108\A0046952.inf
23. 3. 2010 21:50:40 Detected: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047046.inf
23. 3. 2010 21:50:40 Deleted: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047046.inf
23. 3. 2010 21:50:41 Detected: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047140.inf
23. 3. 2010 21:50:41 Deleted: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047140.inf
23. 3. 2010 21:50:41 Detected: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047212.inf
23. 3. 2010 21:50:42 Deleted: Worm.Win32.AutoRun.yzc D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047212.inf
23. 3. 2010 21:50:48 Detected: Trojan-GameThief.Win32.Magania.atzj D:\System Volume Information\_restore{C5B228DB-B238-4E7F-8C78-EC7FC4FC39B1}\RP1\A0000015.com
23. 3. 2010 21:50:48 Detected: Worm.Win32.VB.fi D:\System Volume Information\_restore{C5B228DB-B238-4E7F-8C78-EC7FC4FC39B1}\RP1\A0000016.inf
23. 3. 2010 21:50:49 Deleted: Trojan-GameThief.Win32.Magania.atzj D:\System Volume Information\_restore{C5B228DB-B238-4E7F-8C78-EC7FC4FC39B1}\RP1\A0000015.com
23. 3. 2010 21:50:50 Deleted: Worm.Win32.VB.fi D:\System Volume Information\_restore{C5B228DB-B238-4E7F-8C78-EC7FC4FC39B1}\RP1\A0000016.inf
23. 3. 2010 21:50:56 Deleted: Worm.Win32.VB.fi D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045879.inf
23. 3. 2010 22:35:19 Task completed
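A triage helper for AVP Tool logs like the one above, added here as an example (it is not code from the thread or from Kaspersky's tool). It pairs each "Detected" event with the later "Deleted"/"Disinfected" event for the same file and classifies where the file lived, so copies already in ComboFix's quarantine or in System Restore points are not mistaken for a live infection; the sample input reuses a few lines from this log plus one constructed entry that never gets an outcome.

```python
"""Triage helper for a Kaspersky AVP Tool event log (example code).

Pairs every "Detected:" event with the later "Deleted:"/"Disinfected:" event
for the same file and classifies where that file lived, so copies already
sitting in ComboFix's quarantine or in System Restore points are not mistaken
for a live infection, and detections with no recorded outcome stand out.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines taken from the AVP Tool log in the thread, plus one
# constructed "Detected" line (placeholder.sys) that never gets an outcome.
SAMPLE_LOG = r"""23. 3. 2010 18:22:47 Detected: Trojan-Dropper.Win32.Agent.bkhq C:\Qoobox\Quarantine\C\Users\Dj Mirente\AppData\Roaming\cowboy.exe.vir
23. 3. 2010 18:22:48 Detected: Rootkit.Win32.Tdss.ai C:\Qoobox\Quarantine\C\Windows\System32\drivers\nvstor.sys.vir
23. 3. 2010 18:22:51 Disinfected: Rootkit.Win32.Tdss.ai C:\Qoobox\Quarantine\C\Windows\System32\drivers\nvstor.sys.vir
23. 3. 2010 18:23:26 Deleted: Trojan-Dropper.Win32.Agent.bkhq C:\Qoobox\Quarantine\C\Users\Dj Mirente\AppData\Roaming\cowboy.exe.vir
23. 3. 2010 21:15:05 Detected: Trojan.Win32.Agent.wmy D:\software\Hack\Shadylog-Keylogger\logger_tray.exe
23. 3. 2010 21:15:54 Deleted: Trojan.Win32.Agent.wmy D:\software\Hack\Shadylog-Keylogger\logger_tray.exe
23. 3. 2010 21:28:31 Detected: Trojan-Dropper.Win32.StartPage.co D:\software\Software\Icq Haluze\Black Glas_mc.exe/PE_Patch.UPX/UPX
23. 3. 2010 21:29:35 Deleted: Trojan-Dropper.Win32.StartPage.co D:\software\Software\Icq Haluze\Black Glas_mc.exe
23. 3. 2010 21:50:17 Detected: Worm.Win32.VB.fi D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045879.inf
23. 3. 2010 21:50:56 Deleted: Worm.Win32.VB.fi D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045879.inf
23. 3. 2010 22:01:00 Detected: Example.Constructed.Unresolved C:\Windows\System32\drivers\placeholder.sys
23. 3. 2010 22:35:19 Task completed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}\. \d{1,2}\. \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Deleted|Disinfected): (?P<name>\S+) (?P<path>.+)$"
)


@dataclass
class Finding:
    timestamp: str
    name: str                      # detection name, e.g. Rootkit.Win32.Tdss.ai
    path: str                      # path as logged (may end in an archive member)
    category: str                  # where the file lived, see classify()
    outcome: Optional[str] = None  # "Deleted", "Disinfected" or None if unresolved


def file_key(path: str) -> str:
    # AVP logs members of packed/archived files as "file.exe/PE_Patch.UPX/UPX";
    # the later Deleted line names only the container, so key on the container.
    return path.split("/", 1)[0].lower()


def classify(path: str) -> str:
    p = file_key(path)
    if "\\qoobox\\quarantine\\" in p:
        return "combofix quarantine"        # already neutralised by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system restore point"       # inert copy inside a restore point
    if p.startswith("c:\\windows\\"):
        return "live system file"           # the ones a helper looks at first
    return "user file"


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    pending: Dict[str, List[Finding]] = {}   # detections awaiting an outcome
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "Task started/stopped/completed" and blank lines
        key = file_key(m["path"])
        if m["action"] == "Detected":
            f = Finding(m["ts"], m["name"], m["path"], classify(m["path"]))
            findings.append(f)
            pending.setdefault(key, []).append(f)
        else:
            # Resolve the oldest still-open detection for this file, if any.
            waiting = pending.get(key, [])
            if waiting:
                waiting.pop(0).outcome = m["action"]
    return findings


def summarize(findings: List[Finding]) -> Tuple[Dict[str, int], List[Finding]]:
    """Counts per location category, plus the detections with no outcome."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    unresolved = [f for f in findings if f.outcome is None]
    return counts, unresolved


if __name__ == "__main__":
    counts, unresolved = summarize(triage(SAMPLE_LOG))
    print(counts)
    for f in unresolved:
        print("no outcome logged:", f.name, f.path)
```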

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#32 Post by motji »

How is the computer doing now? If you don't mind, I would also run a rootkit test :) .
Do you use Daemon or Alcohol?

:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- Delete the little program after use. Note: antivirus programs may falsely flag it as a virus



***********


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

CCleaner - I recommend using the cleaner; it nicely clears the PC of temporary files.
The registry cleaner tidies things up, e.g. after uninstalling some program.


***********



:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans temp files and the leftovers of the tools that were used

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#33 Post by djmirente »

Okay, I did everything :) thanks

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#34 Post by motji »

How is the computer doing now? If you don't mind, I would also run a rootkit test :) .
Do you use Daemon or Alcohol?

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#35 Post by djmirente »

Sure, we can :) because I would like to have the PC clean :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#36 Post by motji »

Are those pages still popping up? Do you use Daemon or Alcohol?

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#37 Post by djmirente »

the pages are not popping up for now, and I don't use Daemon or Alcohol because they won't work for me on Win 7

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#38 Post by motji »

Thank you for the reply :)

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to store the log, and paste it here.

- Following the instructions in the link, run a second scan and paste that log here too.

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#39 Post by djmirente »

Now I have to go to sleep :) so I'll get back to it in the morning; thanks for now

log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-23 23:23:02
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\DJMIRE~1\AppData\Local\Temp\kwdoquod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x3a384890 size 0x1ac

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys

---- EOF - GMER 1.0.15 ----


log 2


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-23 23:33:19
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\DJMIRE~1\AppData\Local\Temp\kwdoquod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88EF6CDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88EF6ED0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88EF70D8]
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x88F3CB30]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C12898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 82CB682C 8 Bytes [DE, 6C, EF, 88, D0, 6E, EF, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 82CB6864 4 Bytes [D8, 70, EF, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CB6CB8 4 Bytes [30, CB, F3, 88]
? \Device\Harddisk0\Partition1\Windows\system32\drivers\PctWfpFilter.sys Systém nemôže nájsť zadanú cestu. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F614340, 0x411407, 0xE8000020]
.text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x90E34000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x90E78000]
.relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x90E94000, 0x8E, 0x42000040]
.text peauth.sys 99E08C9D 28 Bytes JMP 15943D94
.text peauth.sys 99E08CC1 28 Bytes JMP 15943D94
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x99ED3000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x99EF6050]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemôže nájsť zadaný súbor. !
? system32\DRIVERS\2586557.sys Systém nemôže nájsť zadanú cestu. !
? system32\DRIVERS\25865571.sys Systém nemôže nájsť zadanú cestu. !
? system32\DRIVERS\25865572.sys Systém nemôže nájsť zadanú cestu. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!UnhookWindowsHookEx 76B0CC7B 5 Bytes JMP 69A87E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!CallNextHookEx 76B0CC8F 5 Bytes JMP 69A694EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!CreateWindowExW 76B10E51 5 Bytes JMP 69A77AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!SetWindowsHookExW 76B1210A 5 Bytes JMP 69A24243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!DialogBoxIndirectParamW 76B34AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!DialogBoxIndirectParamW 76B34AA7 5 Bytes JMP 69BC58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!DialogBoxParamW 76B3564A 5 Bytes JMP 6999490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!DialogBoxParamA 76B4CF6A 5 Bytes JMP 69BC5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!DialogBoxIndirectParamA 76B4D29C 5 Bytes JMP 69BC590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!MessageBoxIndirectA 76B5E8C9 5 Bytes JMP 69BC57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!MessageBoxIndirectW 76B5E9C3 5 Bytes JMP 69BC5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!MessageBoxExA 76B5EA29 5 Bytes JMP 69BC5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] USER32.dll!MessageBoxExW 76B5EA4D 5 Bytes JMP 69BC56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] ole32.dll!OleLoadFromStream 76DD5B88 5 Bytes JMP 69BC5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[620] ole32.dll!CoCreateInstance 76E257FC 5 Bytes JMP 69A78595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!CreateWindowExW 76B10E51 5 Bytes JMP 69A77AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!DialogBoxIndirectParamW 76B34AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!DialogBoxIndirectParamW 76B34AA7 5 Bytes JMP 69BC58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!DialogBoxParamW 76B3564A 5 Bytes JMP 6999490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!DialogBoxParamA 76B4CF6A 5 Bytes JMP 69BC5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!DialogBoxIndirectParamA 76B4D29C 5 Bytes JMP 69BC590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!MessageBoxIndirectA 76B5E8C9 5 Bytes JMP 69BC57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!MessageBoxIndirectW 76B5E9C3 5 Bytes JMP 69BC5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!MessageBoxExA 76B5EA29 5 Bytes JMP 69BC5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] USER32.dll!MessageBoxExW 76B5EA4D 5 Bytes JMP 69BC56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3340] ole32.dll!OleLoadFromStream 76DD5B88 5 Bytes JMP 69BC5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!SetScrollRange 76B0AE3C 5 Bytes JMP 0658C71A C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!GetScrollInfo 76B15151 7 Bytes JMP 0658C64C C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!SetScrollInfo 76B16632 7 Bytes JMP 0658C6C4 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!GetScrollRange 76B31B6C 5 Bytes JMP 0658C699 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!SetScrollPos 76B31BD0 5 Bytes JMP 0658C6EF C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!GetScrollPos 76B3252B 5 Bytes JMP 0658C674 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!EnableScrollBar 76B3386D 7 Bytes JMP 0658C624 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[3828] USER32.dll!ShowScrollBar 76B35785 5 Bytes JMP 0658C748 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [04992DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [0496BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [04992DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [0496C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [0496C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [04992DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [0496C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [0496C040] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [04992DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [0496BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [04992DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [0496C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [0496BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [0496C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [0496C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [04992DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [0496BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [0496B950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [04992DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [0496A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [0496A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [0496B1D0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [0496A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [0496B950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [04992DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [0496C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [0496C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [0496BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [04992DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [04992D20] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [04992DF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [04992CF0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [0496C4F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [0496B950] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [0496BB60] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [0496C5B0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [0496A1A0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [0496C3F0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [04992DC0] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[620] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [04992E30] C:\Windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Windows\system32\rundll32.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1656] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1656] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1656] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1656] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73CF250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73CF2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73CD5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73CD56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73CE8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73CE4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73CE50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73CE51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73CE66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73CE82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73CE8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73CE907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73CEE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[1972] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73CE4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3248] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FD5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\QIP Infium\infium.exe[6672] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] [00450220] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[6672] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00450220] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[6672] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00450424] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[6672] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00450424] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)
IAT C:\Program Files\QIP Infium\infium.exe[6672] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [00450220] C:\Program Files\QIP Infium\infium.exe (QIP Infium/QIP)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \FileSystem\setup_9.0.0.722_23.03.2010_18-47drv \FileSystem\Filters\setup_9.0.0.722_23.03.2010_18-47drv 2586557.sys

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 00400000-00400000 (0 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167000000
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167000000@347e39513cf9 0x6F 0x90 0xDA 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167000000 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167000000@347e39513cf9 0x6F 0x90 0xDA 0x54 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x3a384890 size 0x1ac

---- EOF - GMER 1.0.15 ----

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#40 Post by motji »

Good night :)

Tomorrow I'll trouble you a bit more :o

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
-save it to the desktop and run it
-a log named mbr.log will be created, paste it here
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#41 Post by djmirente »

Good morning :)

here is the log from mbr

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x3a384890 size 0x1ac !

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#42 Post by motji »

:arrow: Download
http://rootrepeal.googlepages.com/RootRepeal.zip
-Download, unpack and run
-select the Files tab, click Scan,
-the scan will run; afterwards click Save Report, which saves the log, and copy it here

-go through all the tabs one by one and run the scans.

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#43 Post by djmirente »

it throws me an error :?:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check - browser opens by itself

#44 Post by motji »

It probably has a problem with win7 :roll:
How is the computer doing now?
I'll look for something else and get back to you :)

djmirente
Visitor
Posts: 127
Registered: 27 Apr 2009 13:38

Re: please check - browser opens by itself

#45 Post by djmirente »

well, so far it looks like everything is fine, it hasn't opened any page on its own yet, so all good

Locked