Restartovani Pc

[cernohous13]

Nastavení mám takto a při mluvení do mikrofonu ti musí běhat zelený ukazatel úrovně signálu ve žlutě označeném poli.

Skype-mikr.png (29.3 KiB) Zobrazeno 2190 x

Takže otestuj jak pracuje mikrofon - všechny tři soupravy

[Y0G1]

nastavene to mam zitra skusim jeste bych se chtel zeptat o nejaku optimalizaciu systemu popripade boostu pc respk vypnuti danych veci pri hrani aby mi to slo plnylejc a jestli je nejaky takovy program jestli se mohu optat sem nechci zakladat 2 topicy nove kvuli zvuku a kvuli pc . dakujem

[cernohous13]

Udělej mi aktuální RSIT - zatím z předchozích logů nevidím nic závadného - motji ti to vyčistila

[Y0G1]

jj chystam se i na combo fix na kontrolu

ty veci sem ymslel nepotrebne veci vypnuti co zerou pamet nebo tak

[cernohous13]

můžeš i ComboFix - stáhni si aktuální verzi

[Y0G1]

jasny rozumiem ale combofix a rsit tady co sou odkazy mi nejdou stranku nelze zobrazit takze ak by nekdo mnel funkcni linky

[cernohous13]

http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Můžeš ho stáhnout na jiném PC a přenést na flešce přejmenovaný na zmije.com?


Stejně tak přenes do PC
Stáhni Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkus stáhnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

Jdi do nouzového režimu
-spusť Rkill a nechej ho pracovat. Sám se ukončí.

- Teď nesmíš restartovat počítač!

Spusť zmije.com

[Y0G1]

fuha osobne sem nikdy v nuzovem rezimu nebyl a taky nwm jak se spousti ten zmije .com ej vlastne co? oba soubory aj combo fix mam mam sem hodit ten log s combo fixu?

[cernohous13]

http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Můžeš ho stáhnout na jiném PC a přenést na flešce přejmenovaný na zmije.com?
..............................
Spusť zmije.com

Jestli se ti podařilo stáhnout a spustit ComboFix, tak sem dej log.

[Y0G1]

ComboFix 11-05-16.04 - Martin 17.05.2011 18:29:39.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.767 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\documents and settings\Martin\Application Data\IObit
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\program files\IObit
2011-05-15 15:27 . 2011-05-15 15:27 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-15 15:26 . 2011-05-15 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-14 06:49 . 2011-05-15 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-14 06:48 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-14 06:48 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-12 12:40 . 2011-05-12 17:09 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-12 12:40 . 2011-05-12 17:17 -------- d-----w- c:\documents and settings\Martin\Application Data\RIFT
2011-05-10 11:37 . 2011-05-10 11:37 -------- d-----w- c:\documents and settings\Martin\.system32
2011-05-06 07:31 . 2008-04-14 03:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2011-05-06 07:30 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-05-06 07:29 . 2006-12-28 22:31 19569 ----a-w- c:\windows\005454_.tmp
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- C:\rsit
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\program files\trend micro
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 16:49 . 2011-04-08 19:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-26 16:49 . 2011-04-08 19:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-26 16:49 . 2011-04-08 19:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-26 15:55 . 2011-04-08 19:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-21 18:59 . 2011-04-08 19:46 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"= 6756:TCP:rvgbebls
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
S2 jzmwnkm;Center Task;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jzmwnkm
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DriverScanner - c:\programy\DriverScanner\launcher.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 18:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jzmwnkm]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-17 18:34:55
ComboFix-quarantined-files.txt 2011-05-17 16:34
.
Pre-Run: 59 104 096 256 bytes free
Post-Run: 59 108 667 392 bytes free
.
- - End Of File - - 798AD4AC1A0AD9824EB80135B57C682C

[cernohous13]

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“ (pro Vistu a Win7 – pravým a „Run As Administrator“).
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

Script OTM

Kód: Vybrat vše

:Commands
[emptytemp]

:Files
c:\windows\005454_.tmp
rvgbebls /s
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
c:\windows\system32\oqhre.dll

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6756:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jzmwnkm]

:Services
jzmwnkm

[Y0G1]

nech sa paci



All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Martin
->Temp folder emptied: 67659 bytes
->Temporary Internet Files folder emptied: 413949 bytes
->FireFox cache emptied: 284695722 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3338 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 272,00 mb

========== FILES ==========
File/Folder c:\windows\005454_.tmp not found.
File/Folder rvgbebls not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
LoadLibrary failed for c:\windows\system32\oqhre.dll
File move failed. c:\windows\system32\oqhre.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6756:TCP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jzmwnkm\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service jzmwnkm stopped successfully!
Service jzmwnkm deleted successfully!

OTM by OldTimer - Version 3.1.17.2 log created on 05182011_095804

Files moved on Reboot...
c:\windows\system32\oqhre.dll moved successfully.

Registry entries deleted on Reboot...

[cernohous13]

dalším krokem je Gmer

http://www.gmer.net/gmer.zip

Stáhni a rozbal přímo na C: a spusť
po ukonční scanu se zobrazí výsledek > "Save" > uloží log který zkopíruj do svého příspěvku.

dále:
Při zaškrtnutých všech položkách v pravém sloupci klik na "Scan"
po dokončení scanu opět "Save" > uloží se log který rovněž zkopíruj na fórum.

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 - kompletní návod

[Y0G1]

prvy log

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-18 11:06:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 MAXTOR_6L080L4 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pfedrfow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT spgg.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spgg.sys ZwEnumerateValueKey [0xF72AD132]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\axk4zdmm \Device\Scsi\axk4zdmm1 86A431F8
Device \Driver\axk4zdmm \Device\Scsi\axk4zdmm1Port5Path0Target0Lun0 86A431F8
Device \FileSystem\Ntfs \Ntfs 86D721F8
Device \FileSystem\Fastfat \Fat 860431F8

---- EOF - GMER 1.0.15 ----

[Y0G1]

druhy log


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-18 11:11:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 MAXTOR_6L080L4 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pfedrfow.sys


---- System - GMER 1.0.15 ----

SSDT spgg.sys ZwCreateKey [0xF72940E0]
SSDT spgg.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spgg.sys ZwEnumerateValueKey [0xF72AD132]
SSDT spgg.sys ZwOpenKey [0xF72940C0]
SSDT spgg.sys ZwQueryKey [0xF72AD20A]
SSDT spgg.sys ZwQueryValueKey [0xF72AD08A]
SSDT spgg.sys ZwSetValueKey [0xF72AD29C]

INT 0x62 ? 86D73BF8
INT 0x63 ? 86BF2BF8
INT 0x73 ? 86BF2BF8
INT 0x82 ? 86D73BF8
INT 0x83 ? 86D73BF8
INT 0x83 ? 86D73BF8
INT 0x83 ? 86D73BF8

---- Kernel code sections - GMER 1.0.15 ----

? spgg.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F70498AC 5 Bytes JMP 86BF21D8
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF63D53A0, 0x5FE082, 0xE8000020]
.text axk4zdmm.SYS F6388386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text axk4zdmm.SYS F63883AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text axk4zdmm.SYS F63883C4 3 Bytes [00, 80, 02]
.text axk4zdmm.SYS F63883C9 1 Byte [30]
.text axk4zdmm.SYS F63883C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Programy\Mozilla\firefox.exe[2228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00401410 C:\Programy\Mozilla\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Programy\Mozilla\plugin-container.exe[2424] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[2424] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[2424] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[2424] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spgg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spgg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spgg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spgg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spgg.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] spgg.sys
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\axk4zdmm.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86D721F8
Device \FileSystem\Fastfat \FatCdrom 860431F8
Device \Driver\usbohci \Device\USBPDO-0 86BE11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86DDF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86DDF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86DDF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86DDF1F8
Device \Driver\usbohci \Device\USBPDO-1 86BE11F8
Device \Driver\usbehci \Device\USBPDO-2 86B901F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{82E1B57E-D3D6-4597-B223-9532A75A4DAE} 860991F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86D741F8
Device \Driver\Cdrom \Device\CdRom0 86B1A500
Device \Driver\atapi \Device\Ide\IdePort0 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b [F71D7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 86B1A500
Device \Driver\Cdrom \Device\CdRom2 86B1A500
Device \Driver\PCI_PNP4276 \Device\0000003d spgg.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 860991F8
Device \Driver\NetBT \Device\NetbiosSmb 860991F8
Device \Driver\sptd \Device\1537843026 spgg.sys
Device \Driver\usbohci \Device\USBFDO-0 86BE11F8
Device \Driver\usbohci \Device\USBFDO-1 86BE11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8607F1F8
Device \Driver\usbehci \Device\USBFDO-2 86B901F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8607F1F8
Device \Driver\Ftdisk \Device\FtControl 86D741F8
Device \Driver\axk4zdmm \Device\Scsi\axk4zdmm1 86A431F8
Device \Driver\axk4zdmm \Device\Scsi\axk4zdmm1Port5Path0Target0Lun0 86A431F8
Device \FileSystem\Fastfat \Fat 860431F8
Device \FileSystem\Cdfs \Cdfs 860711F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----