Please, could you check my HJT log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

MaFire
newbie
Posts: 22
Registered: 16 Sep 2008 16:25

Re: Please, could you check my HJT log

Post by MaFire »

So I did everything, unfortunately with no result.

I ran CHKDSK.

I have no exclamation mark or question mark in Device Manager. I know they must not be there.

Neither ESET nor my McAfee antivirus found anything at all.

:-(
zlobyl
Article author
Posts: 1760
Registered: 16 Apr 2006 19:25
Location: Slaný

Re: Please, could you check my HJT log

Post by zlobyl »

Use ComboFix:
fredik wrote: Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here


And then use GMER.
Please excuse my frequent absence from the forum. Unfortunately there are things one cannot influence, and so I do not have much time to get here. I will try to be here whenever possible, but I cannot guarantee anything. I am sorry.
MaFire
newbie
Posts: 22
Registered: 16 Sep 2008 16:25

Re: Please, could you check my HJT log

Post by MaFire »

LOG from ComboFix:

ComboFix 08-09-27.01 - Roman 2008-09-28 12:31:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1251 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Roman\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-28 do 2008-09-28 )))))))))))))))))))))))))))))))
.

2009-09-05 15:03 . 2008-09-06 16:48 <DIR> d-------- C:\Program Files\VirtualDJ(2)
2008-09-24 19:59 . 2008-09-24 20:00 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-22 15:21 . 2008-09-22 15:21 <DIR> d-------- C:\Program Files\Bobabo
2008-09-22 15:21 . 2008-07-03 14:42 9,974,784 --a------ C:\WINDOWS\system32\MioPlayer2.dll
2008-09-22 15:21 . 2008-07-03 14:26 6,294,528 --a------ C:\WINDOWS\system32\MediaIO1.dll
2008-09-17 20:30 . 2008-09-17 20:30 <DIR> d-------- C:\Program Files\Sun
2008-09-16 17:06 . 2008-09-16 17:06 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-07 22:10 . <DIR> C:\Documents and Settings\Roman\Data aplikací\ABBYY
2008-09-07 22:09 . 2008-09-07 22:10 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-09-07 22:08 . 2008-09-07 22:09 <DIR> d-------- C:\Temp\FR90PE
2008-09-07 22:05 . 2008-09-07 22:05 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-09-07 22:05 . 2008-09-07 22:05 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_390.exe
2008-09-07 22:05 . 2008-09-07 22:05 14,290 --a------ C:\Program Files\settings.dat
2008-09-07 22:04 . 2008-09-07 22:05 <DIR> d-------- C:\Program Files\PDFCreator
2008-09-07 22:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-09-07 22:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-09-07 22:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-09-07 21:57 . 2008-09-24 20:25 <DIR> d-------- C:\Program Files\ElcomSoft
2008-09-07 21:54 . 2008-09-24 20:30 <DIR> d-------- C:\Program Files\Freeware PDF Unlocker
2008-09-06 16:47 . 2008-09-06 16:47 <DIR> d-------- C:\WFDB
2008-09-03 20:54 . 2008-09-19 14:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-29 15:42 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 10:37 --------- d-----w C:\Program Files\ScreenShot Wizard
2008-09-28 10:35 --------- d-----w C:\Documents and Settings\Roman\Data aplikací\uTorrent
2008-09-28 01:56 --------- d-----w C:\Program Files\Save
2008-09-24 18:30 --------- d-----w C:\Program Files\ICQ6
2008-09-24 18:26 --------- d-----w C:\Program Files\Winamp
2008-09-17 18:38 --------- d-----w C:\Program Files\Java
2008-09-14 15:54 --------- d-----w C:\Documents and Settings\Roman\Data aplikací\Real
2008-09-13 10:32 --------- d-----w C:\Program Files\McAfee
2008-09-06 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 18:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-30 19:43 --------- d-----w C:\Program Files\Gothic III
2008-08-30 19:42 --------- d-----w C:\Program Files\Diablo II
2008-08-12 01:29 --------- d-----w C:\Program Files\HLSW
2008-08-01 00:24 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-01 00:20 --------- d-----w C:\Program Files\popsoftware
2008-07-30 13:28 --------- d-----w C:\Program Files\Hesky-Data Software
2007-08-18 22:03 7,780 ----a-w C:\Documents and Settings\Roman\FMCodec.dat
2006-11-27 15:46 22,328 ----a-w C:\Documents and Settings\Roman\Data aplikací\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"X-Grabber"="C:\Program Files\ScreenShot Wizard\sswizard.exe" [2001-11-15 190464]
"WhenUSave"="C:\Program Files\Save\Save.exe" [2006-08-25 803184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 271672]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-03-01 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-03-08 397312]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ThrustTSR"="C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2001-07-10 163840]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [ ]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-10-23 9856]
S2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-10-23 31616]
S2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-10-23 167424]
S3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-10-23 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-10-23 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-10-23 10496]
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-adsnwi - C:\WINDOWS\System32\adsnwi.exe
Notify-WgaLogon - (no file)


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.atlas.cz/?from=icqhp
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 12:37:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Celkový čas: 2008-09-28 12:46:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-09-28 10:45:58

Před spuštěním: 2˙057˙105˙408
Po spuštění: 1,981,992,960

163 --- E O F --- 2008-09-19 12:15:58
MaFire
newbie
Posts: 22
Registered: 16 Sep 2008 16:25

Re: Please, could you check my HJT log

Post by MaFire »

First "small" log from GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-28 12:50:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xBA6DCC7E]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6DCFF6]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB5BA79AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB5BA7958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB5BA796C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5BA7A59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5BA7A85]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB5BA79EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB5BA7B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB5BA7930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB5BA7944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB5BA79BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB5BA7AC7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5BA7A6F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB5BA7B45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB5BA7B31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB5BA7996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB5BA7982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5BA7A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB5BA7B07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB5BA7A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB5BA79D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5B3450

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----
MaFire
newbie
Posts: 22
Registered: 16 Sep 2008 16:25

Re: Please, could you check my HJT log

Post by MaFire »

Big log from GMER (first part, it did not fit into one post):


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-28 12:59:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xBA6DCB3A]
SSDT sptd.sys ZwEnumerateKey [0xBA6DCC7E]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6DCFF6]
SSDT sptd.sys ZwOpenKey [0xBA6DCA18]
SSDT sptd.sys ZwQueryKey [0xBA6DD0C0]
SSDT sptd.sys ZwQueryValueKey [0xBA6DCF58]
SSDT sptd.sys ZwSetValueKey [0xBA6DD148]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB5BA79AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB5BA7958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB5BA796C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5BA7A59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5BA7A85]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB5BA79EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB5BA7B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB5BA7930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB5BA7944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB5BA79BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB5BA7AC7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5BA7A6F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB5BA7B45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB5BA7B31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB5BA7996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB5BA7982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5BA7A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB5BA7B07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB5BA7A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB5BA79D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80503FC8 7 Bytes JMP B5BA79D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD0221.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B92E04D0 16 Bytes [ BC, 0D, 5D, D1, B6, F9, 4F, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B92E04E1 31 Bytes [ F0, 2D, B9, F5, 92, 82, 8F, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A0F85
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A0084
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0073
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0058
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A002C
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F63
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A00AB
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A00E1
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0F3E
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008A00FC
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008A0047
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008A0F74
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008A0FC0
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008A001B
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008A00BC
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00890047
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 0089007D
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 0089002C
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 0089001B
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00890062
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00890FC0
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00890FDB
.text C:\WINDOWS\System32\svchost.exe[296] WS2_32.dll!socket 71A93B91 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00800089
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00800F94
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00800FA5
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00800058
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0080002C
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00800F52
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0080009A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00800F30
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008000BF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00800F1F
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00800047
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00800F6F
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0080001B
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00800F41
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 007B001E
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 007B0F86
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 007B0FC3
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 007B0043
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 007B0FA1
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 007B0FE5
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 007B0FB2
.text C:\WINDOWS\system32\svchost.exe[416] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00790FAD
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011E0000
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 011E00B1
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 011E008C
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 011E0FB2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 011E0FC3
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 011E005B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 011E0F90
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 011E0FA1
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011E0F53
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011E0F64
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 011E0F38
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 011E0FD4
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 011E001B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 011E00C2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 011E0FE5
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 011E0036
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 011E0F7F
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 011D003D
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 011D0FB6
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 011D0022
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 011D0011
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 011D0FC7
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 011D0069
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 011D0000
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 011D004E
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71A93B91 5 Bytes JMP 011B0FEF
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F65
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070064
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070053
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0007009C
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F1E
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700B7
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070EF9
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0007007F
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070F39
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[1356] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF006E
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0F94
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF0051
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF0F30
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF0F41
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF00A4
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF0089
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FF0EF0
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FF0F5E
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FF0F15
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00FE0047
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00FE0F8A
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\lsass.exe[1368] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0089
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE0F94
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE006C
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE0F72
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE0F83
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE0F35
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0F46
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BE00E9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BE00AE
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BE0F61
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00BD0087
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00BD005B
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A5007F
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A5006E
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A5005D
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A50F52
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A5009A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A50F26
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A50F41
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A50F0B
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A50FDE
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A50F79
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A500BF
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00A40F9E
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00A40FCA
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00A4005B
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00A20FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1808] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03750FEF
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03750040
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03750025
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03750F4B
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03750F68
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03750F94
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03750F30
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0375006C
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03750093
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03750F04
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 037500B8
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 03750F79
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 03750000
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0375005B
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 03750FB9
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 03750FCA
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 03750F1F
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 0374005B
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 03740FE5
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 03740036
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 0374001B
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 037400A2
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 03740091
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 03740000
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 03740076
.text C:\WINDOWS\System32\svchost.exe[1856] WS2_32.dll!socket 71A93B91 5 Bytes JMP 02D30FEF
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 02DD0FDE
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 02DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 02DD0FCD
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 02DD0FB0
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A004C
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F57
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F72
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F83
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0025
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0082
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00AE
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F15
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00BF
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F94
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0071
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0014
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0093
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 002D002F
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 002D0FA8
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 002D0FD4
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 002D0FE5
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 002D0065
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 002D004A
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 002D0FC3
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00300000
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00300FE5
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 0030001D
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00300038
.text C:\WINDOWS\explorer.exe[2796] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00E7000A
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F7C
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F8D
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0FA8
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FB9
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0040
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00C4
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00A7
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F46
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F57
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00F0
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0051
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A008C
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A001B
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A00DF
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 002E0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 002E0098
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 002E0040
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 002E0025
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 002E007D
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 002E006C
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 002E000A
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 002E0051
.text C:\Program Files\Messenger\msmsgs.exe[3984] WS2_32.dll!socket 71A93B91 5 Bytes JMP 002F0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 0030001B
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00300000
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00300FE5
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00300038

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D8A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D8B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D8AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D96CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D95A2] sptd.sys
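As an added example (not code from this thread, from GMER or from ComboFix), a small Python triage script for the user-mode hook lines above: it parses each `.text` line, groups the hooks per process, and separates JMP targets that GMER attributed to a module (like the two McAfee lines) from those that land in anonymous memory, which are the ones a reviewer looks at first. The sample input is a handful of lines copied from the log above plus one section header; the 64 KiB page grouping is my own heuristic, not something GMER reports.

```python
import re

# One GMER "user code sections" hook line looks like (taken from the log above):
#   .text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0000
# The trailing owner field (path plus vendor in parentheses) appears only when GMER
# could attribute the JMP target to a loaded module; otherwise the trampoline lives
# in anonymous memory and deserves a closer look.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>\S.*))?$"
)

# Sample input: lines copied from the log above, plus one non-hook section header.
SAMPLE_LOG = [
    r".text C:\WINDOWS\system32\services.exe[1356] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00040000",
    r".text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0000",
    r".text C:\WINDOWS\system32\lsass.exe[1368] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00E80FEF",
    r".text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)",
    r".text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000",
    r".text C:\Program Files\Messenger\msmsgs.exe[3984] WS2_32.dll!socket 71A93B91 5 Bytes JMP 002F0FEF",
    "---- Kernel IAT/EAT - GMER 1.0.14 ----",
]


def parse_hook(line):
    """Parse one .text hook line into a dict; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"])
    h["size"] = int(h["size"])
    h["addr"] = int(h["addr"], 16)
    h["target"] = int(h["target"], 16)
    return h  # h["owner"] is None when GMER printed no owning module


def triage(lines):
    """Group hooks by (image, pid).

    Per process: number of hooks, the hooked APIs whose JMP target has no owning
    module, and the 64 KiB pages those anonymous targets land in (heuristic: one
    page per injected stub region is the usual pattern)."""
    report = {}
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        entry = report.setdefault(
            (h["image"], h["pid"]), {"hooks": 0, "unattributed": [], "anon_pages": set()}
        )
        entry["hooks"] += 1
        if not h["owner"]:
            entry["unattributed"].append(f'{h["module"]}!{h["func"]}')
            entry["anon_pages"].add(h["target"] & 0xFFFF0000)
    return report


def shared_hooked_apis(report):
    """APIs hooked without attribution in every such process. The same set across
    services.exe, lsass.exe, svchost.exe and user programs points at one
    system-wide component rather than per-process quirks."""
    sets = [set(e["unattributed"]) for e in report.values() if e["unattributed"]]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for (image, pid), e in rep.items():
        pages = ", ".join(f"{p:08X}" for p in sorted(e["anon_pages"]))
        print(f"{image}[{pid}]: {e['hooks']} hooks, "
              f"{len(e['unattributed'])} to anonymous memory at {pages or '-'}")
    print("hooked everywhere:", sorted(shared_hooked_apis(rep)))
```

Run it on the full GMER log to see whether the hooked API set is identical in every process; a single system-wide hooking component (a security product or an injected DLL) produces exactly that picture.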
MaFire
newbie
Posts: 22
Registered: 16 Sep 2008 16:25

Re: Please check my HJT log

Post by MaFire »

Second part of the GMER log


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5B3450

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{D8E80890-7A03-424A-A340-B1B6B7E4C626} 8971C728

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5B3EB0
Device \Driver\dmio \Device\DmControl\DmConfig 8A5B3EB0
Device \Driver\dmio \Device\DmControl\DmPnP 8A5B3EB0
Device \Driver\dmio \Device\DmControl\DmInfo 8A5B3EB0
Device \Driver\00000047 \Device\00000060 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5B30E8
Device \Driver\Cdrom \Device\CdRom0 8A38A1D8
Device \FileSystem\Rdbss \Device\FsWrap 8A1DA228
Device \Driver\Cdrom \Device\CdRom1 8A38A1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8971C728
Device \Driver\NetBT \Device\NetbiosSmb 8971C728
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E697649-FE31-4050-853B-5C07B1A6A36C} 8971C728
Device \Driver\NetBT \Device\NetBT_Tcpip_{402EC693-50A4-41BF-8EAB-1760228A7606} 8971C728

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 8A5B3708

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\nvata \Device\NvAta0 8A5B39C0
Device \Driver\nvata \Device\NvAta0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890CC878
Device \Driver\nvata \Device\NvAta1 8A5B39C0
Device \Driver\nvata \Device\NvAta1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890CC878
Device \Driver\nvata \Device\NvAta2 8A5B39C0
Device \Driver\nvata \Device\NvAta2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Npfs \Device\NamedPipe 8A0F51E8
Device \Driver\Ftdisk \Device\FtControl 8A5B30E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{88E6DBCF-E62B-4C2C-A596-E5D24CFAE78B} 8971C728
Device \FileSystem\Msfs \Device\Mailslot 8A0548C0
Device \Driver\nvata \Device\0000008a 8A5B39C0
Device \Driver\nvata \Device\0000008a sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 8A1B77B0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A1B77B0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A3E1AE0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -672785286
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 735598520
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1954479627
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x33 0x1C 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xF5 0xB5 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0x98 0x88 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x33 0x1C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xF5 0xB5 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x24 0xE6 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x33 0x1C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xF5 0xB5 0x9B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0x98 0x88 0x61 ...

---- EOF - GMER 1.0.14 ----
zlobyl
Article author
Posts: 1760
Registered: 16 Apr 2006 19:25
Location: Slaný

Re: Please check my HJT log

Post by zlobyl »

Use a script in ComboFix:

Copy the following text into Notepad (Start - Run - Notepad) and save it to the Desktop as CFScript.txt.
(Do not use the Select All function!)

Code:

Folder::
C:\Program Files\Save

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"=-


Then drag this file onto the ComboFix icon and run it. (I assume you also have ComboFix on the Desktop.)


Then post the log it produces here.


Next we will check the memory: download memtest. Extract the file with the ISO extension from the archive and burn a CD from it (do not unpack the file; in Nero, for example, use the Burn Image to CD option). This CD is bootable, so it is enough to leave it in the drive while the computer boots.
The test starts automatically and runs in cycles until interrupted. Let it run at least twice.