
Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 20:40
by vyosek
I can't resist the favourite question here on the forum: did you mess it up like this yourself, or did someone help you :arcisit: :D

:arrow: If you don't have it there already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
    [-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= -
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    
    Folder::
    c:\program files\SweetIM\Toolbars
    
    DDS::
    uStart Page = hxxp://home.sweetim.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://home.sweetim.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see picture below)
    Image
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 20:51
by jasanek
Honestly, neither. A friend brought it to me in the evening because it wouldn't boot for him any more. And he said the last one to use it was his brother-in-law, who spent whole days on those xxx sites. And then suddenly no interest in the PC. So he turned it on and nothing.

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 20:52
by vyosek
Those dubious xxx sites are a very rich source of vermin... So run that CF script and we'll move on...

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:00
by jasanek
ComboFix 10-08-12.03 - admin 13.08.2010 21:53:16.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.682 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
c:\program files\SweetIM\Toolbars
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-13 do 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 17:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 17:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 17:02 . 2010-08-13 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 16:12 . 2010-08-13 16:12 -------- d-----w- c:\program files\trend micro
2010-08-13 16:12 . 2010-08-13 16:12 -------- d-----w- C:\rsit
2010-08-13 15:40 . 2004-08-17 13:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-13 15:40 . 2004-08-17 13:49 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-13 15:39 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-13 15:39 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-13 15:39 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-13 15:39 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-07 18:58 . 2010-08-07 18:58 -------- d-----w- C:\FOUND.006
2010-07-23 06:53 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-07-23 06:53 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-07-23 06:52 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-14 22:26 . 2004-08-17 11:49 121856 ----a-w- c:\windows\system32\nddeap.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 06:55 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-07-23 06:55 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-07-23 06:54 . 2010-07-23 06:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-23 06:54 . 2010-07-23 06:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-23 06:52 . 2010-07-23 06:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-23 06:52 . 2010-07-23 06:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-23 06:48 . 2010-07-23 06:48 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-23 06:48 . 2010-07-23 06:48 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-23 06:48 . 2010-07-23 06:48 -------- d-----w- c:\program files\DIFX
2010-07-23 06:48 . 2010-07-23 06:48 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-23 06:48 . 2010-07-23 06:47 -------- d-----w- c:\program files\Nokia
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-11-02 448664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 13:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-26 16:09 135664 ----a-w- c:\documents and settings\admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 13:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-17 18:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 19:02 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.1.2010 16:09 222456]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2010 16:04 135664]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [22.1.2010 22:35 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [22.1.2010 22:39 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [22.1.2010 22:39 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [15.3.2010 21:59 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [15.3.2010 21:58 86368]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.1.2010 23:34 642560]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 14:04]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 14:04]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {4B75FE79-661C-4725-B123-E9A7E7A189A3} = 192.168.5.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 21:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-08-13 21:59:16
ComboFix-quarantined-files.txt 2010-08-13 19:59
ComboFix2.txt 2010-08-13 19:16

Před spuštěním: Volných bajtů: 55 579 246 592
Po spuštění: Volných bajtů: 55 573 544 960

- - End Of File - - 95608AEA3AD1EA17D886CE565C9FCD99
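
The ComboFix log above lists the machine's autorun entries in REGEDIT4 style. The following is an added Python example (not ComboFix's or the forum's own code) that parses that section into structured records and flags entries whose launched file sits under a directory the CFScript targeted; the sample lines are copied from the log above, and the watch list of directories is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the 'startup points in the registry'
# section of the ComboFix log posted above (trailing '.' closes the section).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-11-02 448664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
.
"""


@dataclass
class Autorun:
    key: str             # registry key the entry lives under
    name: str            # value name, or the .lnk file name for startup-folder items
    image: str           # path ComboFix reported for the launched file
    date: Optional[str]  # file date as printed by ComboFix, if any
    size: Optional[int]  # file size in bytes, if any
    enabled: bool        # False for msconfig-disabled startup-folder items


KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"'
                      r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$')


def parse_autoruns(log: str) -> List[Autorun]:
    """Return the autorun entries between the REGEDIT4 marker and the closing '.' line."""
    runs: List[Autorun] = []
    key: Optional[str] = None
    active = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == 'REGEDIT4':
            active = True
            continue
        if not active:
            continue
        if line == '.':          # end of the registry section
            break
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        lkey = key.lower()
        m = VALUE_RE.match(line)
        if m and lkey.endswith('\\run'):
            size = m.group('size')
            runs.append(Autorun(key, m.group('name'), m.group('image'),
                                m.group('date'), int(size) if size else None, True))
        elif line.startswith('path=') and '\\startupfolder\\' in lkey:
            image = line[len('path='):]
            runs.append(Autorun(key, image.rsplit('\\', 1)[-1], image, None, None, False))
    return runs


# Assumption: directories belonging to the toolbar the CFScript above removed.
WATCH_DIRS = (r'c:\program files\sweetim',
              r'c:\documents and settings\all users\data aplikací\winamp toolbar')


def flag_unwanted(runs: List[Autorun], watch=WATCH_DIRS) -> List[Autorun]:
    """Autoruns whose launched file lives under a watched directory (case-insensitive)."""
    return [r for r in runs if any(r.image.lower().startswith(w) for w in watch)]


if __name__ == '__main__':
    for r in flag_unwanted(parse_autoruns(SAMPLE_LOG)):
        print(f'{r.key}: {r.name} -> {r.image}')
```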

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:02
by vyosek
So that's done, how is the PC behaving :???:

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:04
by jasanek
Seems to be fine. Thanks a lot for the help.

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:05
by vyosek
Don't run away yet, the PC was pretty dusty, so with your permission we'll do one more test :wink:

:arrow: Uninstall all virtual drive emulators (Daemon Tools, Alcohol 120%, PowerISO etc.)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page choose the version for your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose the Uninstall option and restart the PC - if it can't be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it can't be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window pops up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt is created on the desktop; paste its contents here
:arrow: Post the logs from Gmer - see my signature

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:16
by jasanek
So there's only daemon. And it gives me an error: Setup is unable to validate instalation.
It won't even start. It isn't in Add or Remove Programs at all.

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:22
by vyosek
All right then, carry on = skip the uninstall step...

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:34
by jasanek
mbr.log got created for me:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS tcpip.sys
kernel: MBR read successfully
user & kernel MBR OK

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:35
by jasanek
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-13 22:35:25
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\pgtdypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:36
by vyosek
That one is correct and fine... and the first log from gmer is OK as well...
Now on to the second log from gmer - that one will take longer :wink:

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:41
by jasanek
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-13 22:41:02
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\pgtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\admin\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[316] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2692] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0xCE 0xD4 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0xD4 0xCA 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8D 0x4D 0x2A 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0xCE 0xD4 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0xD4 0xCA 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8D 0x4D 0x2A 0x6A ...

---- EOF - GMER 1.0.15 ----

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:45
by vyosek
Log is fine...

The PC is behaving fine as well :???:

Re: Privacy Center, desktop problem

Posted: 13 Aug 2010 21:48
by jasanek
It is.