Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
T8SoB.exe a 5a9v7.exe
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
.....-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
Re: T8SoB.exe a 5a9v7.exe
tu zkratku sem neznal ja myslle ze mam dat strat spustit a do spustit napsat (win + R) tak sem se divil proc to nejde 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
kernel: MBR read successfully
user & kernel MBR OK
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
Re: T8SoB.exe a 5a9v7.exe
ten velky se mi dela uz hodinu 
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
Re: T8SoB.exe a 5a9v7.exe
tak to asi necham pres noc 
protoze se mi uz 30 minut prohledava jenom CSS
protoze se mi uz 30 minut prohledava jenom CSS -
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
Re: T8SoB.exe a 5a9v7.exe
a chtel bych se zeptat jetl ise timdle zivite nebo to delate jen tak ve volnym case...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
Re: T8SoB.exe a 5a9v7.exe
tak to klobouk dolu a dekuju ja bych si nedokazal v zivote poradit a uz mam ten test hotovy
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-02 14:05:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\ondra\LOCALS~1\Temp\axtdypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAE5FE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAE5FE574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAE5FEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAE5FE14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAE5FE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAE5FE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAE5FE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAE5FE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAE5FE72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAE5FE8AE]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 4 Bytes JMP 83AAAE5F
.text D:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF71DA000, 0x18FFBC, 0xE8000020]
? D:\DOCUME~1\ondra\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E5505 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9A75 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD101 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDAC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152466E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B473F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4671 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B46DC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4542 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B45A4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B47A2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4606 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BDB20 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B4AA7 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E5505 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9A75 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD101 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDAC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152466E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B473F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4671 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B46DC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4542 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B45A4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B47A2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4606 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BDB20 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B4AA7 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E5505 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDAC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B473F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4671 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B46DC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4542 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B45A4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B47A2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4606 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT D:\Program Files\Internet Explorer\iexplore.exe[304] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT D:\WINDOWS\system32\services.exe[1064] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT D:\WINDOWS\system32\services.exe[1064] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT D:\Program Files\Internet Explorer\iexplore.exe[2928] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0xAB 0x7B 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x63 0x16 0xE9 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x91 0x69 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0xAB 0x7B 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x63 0x16 0xE9 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x91 0x69 0x59 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1E7DF78-F317-C3FD-2E38-1849FAADEC67}
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-02 14:05:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\ondra\LOCALS~1\Temp\axtdypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAE5FE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAE5FE574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAE5FEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAE5FE14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAE5FE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAE5FE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAE5FE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAE5FE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAE5FE72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAE5FE8AE]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 4 Bytes JMP 83AAAE5F
.text D:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF71DA000, 0x18FFBC, 0xE8000020]
? D:\DOCUME~1\ondra\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E5505 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9A75 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD101 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDAC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152466E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B473F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4671 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B46DC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4542 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B45A4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B47A2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4606 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BDB20 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[304] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B4AA7 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E5505 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9A75 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD101 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDAC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152466E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B473F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4671 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B46DC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4542 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B45A4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B47A2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4606 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BDB20 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2928] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B4AA7 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E5505 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDAC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B473F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4671 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B46DC D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4542 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B45A4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B47A2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4606 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT D:\Program Files\Internet Explorer\iexplore.exe[304] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT D:\WINDOWS\system32\services.exe[1064] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT D:\WINDOWS\system32\services.exe[1064] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT D:\Program Files\Internet Explorer\iexplore.exe[2928] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0xAB 0x7B 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x63 0x16 0xE9 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x91 0x69 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0xAB 0x7B 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x63 0x16 0xE9 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x91 0x69 0x59 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1E7DF78-F317-C3FD-2E38-1849FAADEC67}
---- EOF - GMER 1.0.15 ----
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
JelenJelcin
- Návštěvník
- Příspěvky: 70
- Registrován: 01 črc 2010 14:27
Re: T8SoB.exe a 5a9v7.exe
no chová se parádně dríve před testem sem čekal na přihlášení asi tak 20 minut a porad sem musle vypínat ten program ve správcích uloh tedka tam uz ani neni a počítač běží jak hodinky
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: T8SoB.exe a 5a9v7.exe
Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
- Spusťte.
- Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)
Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
- Spusťte.
- Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)
Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
Záložka Čistič - Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
Záložka Registry - Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít
Dejte nový log z RSIT.
Přispějete na provoz fóra?