VIRY.CZ

Ještě poprosím o log z posledního skenu CF.

Nastal problém ked som do combofixu hodil tne CFScript.txt začalo to robiť normálne tie stage potom to reštartlo PC dalo čiernu obrazovku v strede modré okno Combofixu s textom Please wait. a stálo to tam nechal som to tam asi 30min nič sa nedialo tak som potom vypol pc...

Zkuste to v nouz. režimu.

Prosím vás ako mám vypnuť Antivirak v Nudzovom režime nikde to tu nevidim lebo to vyskakuje pri tom combofixe

Hlášku v tomhle případě ignorujte.

nic nejde to ani v nouzovím režimu stale když ten combofix restartne pc ostane čierna obrazovka strede modré okno combofix s hláškou please wait a znova som to tam nechal stat pul hodiny a nic...

OK. Nastala nějaká změna?

Ne počítač stále sekne po 3-4 restartoch sa ale zatial rozbehne.

Co jste instaloval těsně před tím, než se problém objevil?

ako vravím dela to už hodne dlouho raž sem ten pc dal opravit vraj to blokoval nejaký program ktorý odstranili a išlo to normálne ale nepamatujem že by som neco instaloval čo by to mohlo robiť lebo mi to už robí niečo cez 3-4 mesiace

Stáhněte, nainstalujte a spusťte CrystalDiskInfo: http://www.stahuj.centrum.cz/utility_a_ ... ldiskinfo/ . Přes Úpravy>kopírovat sem dejte log.

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.5 Shizuku Edition (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x86)
Date : 2012/12/06 17:14:08

-- Controller Map ----------------------------------------------------------
- ATA Channel 1 (1) [ATA]
+ Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF [ATA]
+ ATA Channel 0 (0)
- HL-DT-ST DVDRAM GSA-H42L ATA Device
- SAMSUNG HD322HJ ATA Device
- ATA Channel 1 (1)

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD322HJ : 320,0 GB [0/2/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD322HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD322HJ
Firmware : 1AG01118
Serial Number : S17AJ9FSB03635
Disk Size : 320,0 GB (8,4/137,4/320,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : Unknown
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA8-ACS version 3b
Transfer Mode : SATA/300
Power On Hours : 7723 hours
Power On Count : 3378 count
Temparature : 24 C (75 F)
Health Status : Good
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Read Error Rate
03 _92 _92 _11 000000000D7A Spin-Up Time
04 _97 _97 __0 000000000D41 Start/Stop Count
05 100 100 _10 000000000000 Reallocated Sectors Count
07 100 100 _51 000000000000 Seek Error Rate
08 100 100 _15 000000000000 Seek Time Performance
09 _98 _98 __0 000000001E2B Power-On Hours
0A 100 100 _51 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C _97 _97 __0 000000000D32 Power Cycle Count
0D 100 100 __0 000000000000 Soft Read Error Rate stab
B7 100 100 __0 000000000000 Unknown
B8 100 100 __0 000000000000 End-to-End Error
BB 100 100 __0 000000000000 Reported Uncorrectable Errors
BC 100 100 __0 000000000000 Command Timeout
BE _80 _60 __0 000014140014 Airflow Temperature
C2 _76 _59 __0 000018140018 Temperature
C3 100 100 __0 00000000F5AD Hardware ECC recovered
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 100 100 __0 000000000000 UltraDMA CRC Error Count
C8 100 100 __0 000000000000 Write Error Rate
C9 253 253 __0 000000000000 Soft Read Error Rate

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 8856 022A 003F 0000 0000 0000
010: 5331 3741 4A39 4653 4230 3336 3335 2020 2020 2020
020: 0003 8000 0004 3141 4730 3131 3138 5341 4D53 554E
030: 4720 4844 3332 3248 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 00F8 0052 746B 7F69 4133 7469 BC41 4123 20FF 0024
090: 0024 0000 FFFE 0000 FE00 0008 0005 005D 86A0 0001
100: EAB0 2542 0000 0000 0064 0000 0000 0000 5002 4E92
110: 016D A21E 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 0FA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0F 00 64 64 00 00 00 00 00 00 00 03 07
010: 00 5C 5C 7A 0D 00 00 00 00 00 04 32 00 61 61 41
020: 0D 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 64 64 00 00 00 00 00 00 00 08 25
040: 00 64 64 00 00 00 00 00 00 00 09 32 00 62 62 2B
050: 1E 00 00 00 00 00 0A 33 00 64 64 00 00 00 00 00
060: 00 00 0B 12 00 64 64 00 00 00 00 00 00 00 0C 32
070: 00 61 61 32 0D 00 00 00 00 00 0D 0E 00 64 64 00
080: 00 00 00 00 00 00 B7 32 00 64 64 00 00 00 00 00
090: 00 00 B8 33 00 64 64 00 00 00 00 00 00 00 BB 32
0A0: 00 64 64 00 00 00 00 00 00 00 BC 32 00 64 64 00
0B0: 00 00 00 00 00 00 BE 22 00 50 3C 14 00 14 14 00
0C0: 00 00 C2 22 00 4C 3B 18 00 14 18 00 00 00 C3 1A
0D0: 00 64 64 AD F5 00 00 00 00 00 C4 32 00 64 64 00
0E0: 00 00 00 00 00 00 C5 12 00 64 64 00 00 00 00 00
0F0: 00 00 C6 30 00 64 64 00 00 00 00 00 00 00 C7 3E
100: 00 64 64 00 00 00 00 00 00 00 C8 0A 00 64 64 00
110: 00 00 00 00 00 00 C9 0A 00 FD FD 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 48 11 00 7B
170: 03 00 01 00 02 4B 09 4B 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 03 0B
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 0A 00 00 00 00 00 00 00 00
030: 00 00 07 33 00 00 00 00 00 00 00 00 00 00 08 0F
040: 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00
050: 00 00 00 00 00 00 0A 33 00 00 00 00 00 00 00 00
060: 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 00 00
080: 00 00 00 00 00 00 B7 00 00 00 00 00 00 00 00 00
090: 00 00 B8 00 00 00 00 00 00 00 00 00 00 00 BB 00
0A0: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
0B0: 00 00 00 00 00 00 BE 00 00 00 00 00 00 00 00 00
0C0: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0D0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0E0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0F0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
100: 00 00 00 00 00 00 00 00 00 00 C8 00 00 00 00 00
110: 00 00 00 00 00 00 C9 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10

Disk je OK. Zkuste ještě sken GMER: http://forum.viry.cz/viewtopic.php?f=29&t=62878 a dejte oba logy.

LOG malý :
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-12-06 19:05:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD322HJ rev.1AG01118
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E871F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84E871F8
Device \Driver\atapi \Device\Ide\IdePort0 84E871F8
Device \Driver\atapi \Device\Ide\IdePort1 84E871F8
Device \Driver\atapi \Device\Ide\IdePort2 84E871F8
Device \Driver\atapi \Device\Ide\IdePort3 84E871F8
Device \Driver\az74rj88 \Device\Scsi\az74rj881Port4Path0Target0Lun0 860A81F8
Device \Driver\az74rj88 \Device\Scsi\az74rj881 860A81F8
Device \FileSystem\Ntfs \Ntfs 85B1D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

Log Velky :
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-06 20:36:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD322HJ rev.1AG01118
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C8FA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC94D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\sppm.sys Systém nemôže nájsť zadanú cestu. !
.text USBPORT.SYS!DllUnload 8E758DB9 5 Bytes JMP 860251D8
.text az74rj88.SYS 8E7C1000 12 Bytes [44, 08, C2, 82, EE, 06, C2, ...]
.text az74rj88.SYS 8E7C100D 9 Bytes [E7, C1, 82, 48, 0B, C2, 82, ...] {OUT 0xc1, EAX; OR BYTE [EAX+0xb], -0x3e; ADD BYTE [EAX], 0x0}
.text az74rj88.SYS 8E7C1017 47 Bytes [00, DE, B7, B9, 88, E6, B5, ...]
.text az74rj88.SYS 8E7C1047 109 Bytes [82, 8E, 2E, CD, 82, 04, C9, ...]
.text az74rj88.SYS 8E7C10B5 12 Bytes [D4, CC, 82, F0, B9, CC, 82, ...]
.text ...
.text autochk.exe 004311D1 73 Bytes [10, 08, FE, 75, 41, 8B, 4D, ...]
.text autochk.exe 0043121B 4 Bytes [0F, 84, C8, 00]
.text autochk.exe 00431220 129 Bytes [00, 83, 7D, 18, 00, 7E, 6D, ...]
.text autochk.exe 004312A2 1 Byte [00]
.text autochk.exe 004312A2 7 Bytes [00, 00, C7, 44, 01, 04, 00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 767CF4FB 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88A9F042] \SystemRoot\System32\Drivers\sppm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88A9F6D6] \SystemRoot\System32\Drivers\sppm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88A9F800] \SystemRoot\System32\Drivers\sppm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88A9F13E] \SystemRoot\System32\Drivers\sppm.sys
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\az74rj88.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748B24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7489562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748956EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748B2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748A85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748A4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748A5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748A51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748A6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748A8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748A8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748A90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748AE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748A4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [69DD11EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [69DD11EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\user\Desktop\gmer\gmer.exe[4532] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B1D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\volmgr \Device\VolMgrControl 84E851F8
Device \Driver\usbuhci \Device\USBPDO-0 860281F8
Device \Driver\usbuhci \Device\USBPDO-1 860281F8
Device \Driver\usbuhci \Device\USBPDO-2 860281F8
Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 860281F8
Device \Driver\usbehci \Device\USBPDO-4 85FE1500
Device \Driver\volmgr \Device\HarddiskVolume1 84E851F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85DC51F8
Device \Driver\volmgr \Device\HarddiskVolume2 84E851F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{81E0CF24-E213-489A-A05C-236B6C0C8AC3} 85FB51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E871F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84E871F8
Device \Driver\atapi \Device\Ide\IdePort0 84E871F8
Device \Driver\atapi \Device\Ide\IdePort1 84E871F8
Device \Driver\atapi \Device\Ide\IdePort2 84E871F8
Device \Driver\atapi \Device\Ide\IdePort3 84E871F8
Device \Driver\cdrom \Device\CdRom1 85DC51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85FB51F8
Device \Driver\PCI_PNP1904 \Device\0000005b sppm.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{768E416E-DD00-494F-853D-21EF371ADE82} 85FB51F8
Device \Driver\sptd \Device\283383905 sppm.sys
Device \Driver\usbuhci \Device\USBFDO-0 860281F8
Device \Driver\usbuhci \Device\USBFDO-1 860281F8
Device \Driver\usbuhci \Device\USBFDO-2 860281F8
Device \Driver\usbuhci \Device\USBFDO-3 860281F8
Device \Driver\usbehci \Device\USBFDO-4 85FE1500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0F1A7FF-768D-4296-A888-BD531DE3E3D5} 85FB51F8
Device \Driver\az74rj88 \Device\Scsi\az74rj881Port4Path0Target0Lun0 860A81F8
Device \Driver\az74rj88 \Device\Scsi\az74rj881 860A81F8
Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x44 0xDB 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0x85 0xAB 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0x54 0xFC 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x36 0x80 0x48 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x44 0xDB 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0x85 0xAB 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0x54 0xFC 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x36 0x80 0x48 0xF1 ...

---- EOF - GMER 1.0.15 ----