Please check my HJT log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

MaFire
newbie
Posts: 22
Registered: September 08
Gender: Not specified
Status: Offline

Re: Please check my HJT log

Post by MaFire » 27 Sep 2008 14:31

So I did everything, unfortunately without result.

I ran CHKDSK.

I have neither an exclamation mark nor a question mark in Device Manager. I know those must not be there.

Neither ESET nor my McAfee antivirus found anything at all.

:-(

zlobyl
Article author
Level 4.5
Posts: 1760
Registered: April 06
Location: Slaný
Gender: Not specified
Status: Offline

Re: Please check my HJT log

Post by zlobyl » 28 Sep 2008 11:25

Use ComboFix:
fredik wrote: Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here


And then use GMER.
Please excuse my frequent absence from the forum. Unfortunately there are things one cannot influence, and so I don't have much time to get here. I will try to be here whenever possible, but I can't guarantee anything. I'm sorry.

MaFire
newbie
Posts: 22
Registered: September 08
Gender: Not specified
Status: Offline

Re: Please check my HJT log

Post by MaFire » 28 Sep 2008 12:57

LOG from ComboFix:

ComboFix 08-09-27.01 - Roman 2008-09-28 12:31:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1251 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Roman\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-28 do 2008-09-28 )))))))))))))))))))))))))))))))
.

2009-09-05 15:03 . 2008-09-06 16:48 <DIR> d-------- C:\Program Files\VirtualDJ(2)
2008-09-24 19:59 . 2008-09-24 20:00 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-22 15:21 . 2008-09-22 15:21 <DIR> d-------- C:\Program Files\Bobabo
2008-09-22 15:21 . 2008-07-03 14:42 9,974,784 --a------ C:\WINDOWS\system32\MioPlayer2.dll
2008-09-22 15:21 . 2008-07-03 14:26 6,294,528 --a------ C:\WINDOWS\system32\MediaIO1.dll
2008-09-17 20:30 . 2008-09-17 20:30 <DIR> d-------- C:\Program Files\Sun
2008-09-16 17:06 . 2008-09-16 17:06 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-07 22:10 . <DIR> C:\Documents and Settings\Roman\Data aplikací\ABBYY
2008-09-07 22:09 . 2008-09-07 22:10 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-09-07 22:08 . 2008-09-07 22:09 <DIR> d-------- C:\Temp\FR90PE
2008-09-07 22:05 . 2008-09-07 22:05 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-09-07 22:05 . 2008-09-07 22:05 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_390.exe
2008-09-07 22:05 . 2008-09-07 22:05 14,290 --a------ C:\Program Files\settings.dat
2008-09-07 22:04 . 2008-09-07 22:05 <DIR> d-------- C:\Program Files\PDFCreator
2008-09-07 22:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-09-07 22:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-09-07 22:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-09-07 21:57 . 2008-09-24 20:25 <DIR> d-------- C:\Program Files\ElcomSoft
2008-09-07 21:54 . 2008-09-24 20:30 <DIR> d-------- C:\Program Files\Freeware PDF Unlocker
2008-09-06 16:47 . 2008-09-06 16:47 <DIR> d-------- C:\WFDB
2008-09-03 20:54 . 2008-09-19 14:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-29 15:42 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 10:37 --------- d-----w C:\Program Files\ScreenShot Wizard
2008-09-28 10:35 --------- d-----w C:\Documents and Settings\Roman\Data aplikací\uTorrent
2008-09-28 01:56 --------- d-----w C:\Program Files\Save
2008-09-24 18:30 --------- d-----w C:\Program Files\ICQ6
2008-09-24 18:26 --------- d-----w C:\Program Files\Winamp
2008-09-17 18:38 --------- d-----w C:\Program Files\Java
2008-09-14 15:54 --------- d-----w C:\Documents and Settings\Roman\Data aplikací\Real
2008-09-13 10:32 --------- d-----w C:\Program Files\McAfee
2008-09-06 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 18:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-30 19:43 --------- d-----w C:\Program Files\Gothic III
2008-08-30 19:42 --------- d-----w C:\Program Files\Diablo II
2008-08-12 01:29 --------- d-----w C:\Program Files\HLSW
2008-08-01 00:24 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-01 00:20 --------- d-----w C:\Program Files\popsoftware
2008-07-30 13:28 --------- d-----w C:\Program Files\Hesky-Data Software
2007-08-18 22:03 7,780 ----a-w C:\Documents and Settings\Roman\FMCodec.dat
2006-11-27 15:46 22,328 ----a-w C:\Documents and Settings\Roman\Data aplikací\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"X-Grabber"="C:\Program Files\ScreenShot Wizard\sswizard.exe" [2001-11-15 190464]
"WhenUSave"="C:\Program Files\Save\Save.exe" [2006-08-25 803184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 271672]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-03-01 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-03-08 397312]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ThrustTSR"="C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2001-07-10 163840]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [ ]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-10-23 9856]
S2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-10-23 31616]
S2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-10-23 167424]
S3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-10-23 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-10-23 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-10-23 10496]
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-adsnwi - C:\WINDOWS\System32\adsnwi.exe
Notify-WgaLogon - (no file)


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.atlas.cz/?from=icqhp
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 12:37:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Celkový čas: 2008-09-28 12:46:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-09-28 10:45:58

Před spuštěním: 2,057,105,408
Po spuštění: 1,981,992,960

163 --- E O F --- 2008-09-19 12:15:58

MaFire
newbie
Posts: 22
Registered: September 08
Gender: Not specified
Status: Offline

Re: Please check my HJT log

Post by MaFire » 28 Sep 2008 13:00

First "small" log from GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-28 12:50:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xBA6DCC7E]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6DCFF6]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB5BA79AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB5BA7958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB5BA796C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5BA7A59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5BA7A85]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB5BA79EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB5BA7B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB5BA7930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB5BA7944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB5BA79BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB5BA7AC7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5BA7A6F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB5BA7B45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB5BA7B31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB5BA7996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB5BA7982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5BA7A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB5BA7B07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB5BA7A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB5BA79D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5B3450

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----

MaFire
newbie
Posts: 22
Registered: September 08
Gender: Not specified
Status: Offline

Re: Please check my HJT log

Post by MaFire » 28 Sep 2008 13:10

Big log from GMER (first part, it didn't fit into one post):


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-28 12:59:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xBA6DCB3A]
SSDT sptd.sys ZwEnumerateKey [0xBA6DCC7E]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6DCFF6]
SSDT sptd.sys ZwOpenKey [0xBA6DCA18]
SSDT sptd.sys ZwQueryKey [0xBA6DD0C0]
SSDT sptd.sys ZwQueryValueKey [0xBA6DCF58]
SSDT sptd.sys ZwSetValueKey [0xBA6DD148]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB5BA79AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB5BA7958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB5BA796C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5BA7A59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5BA7A85]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB5BA79EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB5BA7B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB5BA7930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB5BA7944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB5BA79BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB5BA7AC7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5BA7A6F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB5BA7B45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB5BA7B31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB5BA7996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB5BA7982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5BA7A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB5BA7B07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB5BA7A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB5BA79D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80503FC8 7 Bytes JMP B5BA79D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\WINDOWS\System32\Drivers\SPTD0221.SYS Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B92E04D0 16 Bytes [ BC, 0D, 5D, D1, B6, F9, 4F, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B92E04E1 31 Bytes [ F0, 2D, B9, F5, 92, 82, 8F, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A0F85
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A0084
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0073
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0058
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A002C
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F63
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A00AB
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A00E1
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0F3E
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008A00FC
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008A0047
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008A0F74
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008A0FC0
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008A001B
.text C:\WINDOWS\System32\svchost.exe[296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008A00BC
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00890047
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 0089007D
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 0089002C
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 0089001B
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00890062
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00890FC0
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[296] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00890FDB
.text C:\WINDOWS\System32\svchost.exe[296] WS2_32.dll!socket 71A93B91 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00800089
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00800F94
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00800FA5
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00800058
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0080002C
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00800F52
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0080009A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00800F30
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008000BF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00800F1F
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00800047
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00800F6F
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0080001B
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00800F41
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 007B001E
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 007B0F86
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 007B0FC3
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 007B0043
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 007B0FA1
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 007B0FE5
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 007B0FB2
.text C:\WINDOWS\system32\svchost.exe[416] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00790FAD
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011E0000
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 011E00B1
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 011E008C
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 011E0FB2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 011E0FC3
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 011E005B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 011E0F90
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 011E0FA1
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011E0F53
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011E0F64
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 011E0F38
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 011E0FD4
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 011E001B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 011E00C2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 011E0FE5
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 011E0036
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 011E0F7F
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 011D003D
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 011D0FB6
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 011D0022
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 011D0011
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 011D0FC7
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 011D0069
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 011D0000
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 011D004E
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71A93B91 5 Bytes JMP 011B0FEF
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F65
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070064
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070053
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0007009C
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F1E
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700B7
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070EF9
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0007007F
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1356] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070F39
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[1356] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF006E
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0F94
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF0051
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF0F30
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF0F41
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF00A4
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF0089
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FF0EF0
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FF0F5E
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FF0F15
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00FE0047
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00FE0F8A
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\lsass.exe[1368] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0089
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE0F94
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE006C
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE0F72
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE0F83
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE0F35
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0F46
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BE00E9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BE00AE
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BE0F61
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00BD0087
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00BD005B
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A5007F
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A5006E
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A5005D
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A50F52
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A5009A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A50F26
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A50F41
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A50F0B
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A50FDE
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A50F79
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A500BF
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00A40F9E
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00A40FCA
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00A4005B
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00A20FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1808] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03750FEF
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03750040
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03750025
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03750F4B
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03750F68
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03750F94
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03750F30
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0375006C
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03750093
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03750F04
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 037500B8
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 03750F79
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 03750000
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0375005B
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 03750FB9
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 03750FCA
.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 03750F1F
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 0374005B
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 03740FE5
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 03740036
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 0374001B
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 037400A2
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 03740091
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 03740000
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 03740076
.text C:\WINDOWS\System32\svchost.exe[1856] WS2_32.dll!socket 71A93B91 5 Bytes JMP 02D30FEF
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 02DD0FDE
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 02DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 02DD0FCD
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 02DD0FB0
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A004C
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F57
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F72
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F83
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0025
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0082
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00AE
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F15
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00BF
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F94
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0071
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0014
.text C:\WINDOWS\explorer.exe[2796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0093
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 002D002F
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 002D0FA8
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 002D0FD4
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 002D0FE5
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 002D0065
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 002D004A
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[2796] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 002D0FC3
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 00300000
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00300FE5
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 0030001D
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00300038
.text C:\WINDOWS\explorer.exe[2796] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00E7000A
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F7C
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F8D
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0FA8
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FB9
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0040
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00C4
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00A7
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F46
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F57
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00F0
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0051
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A008C
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A001B
.text C:\Program Files\Messenger\msmsgs.exe[3984] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A00DF
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 002E0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 002E0098
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 002E0040
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 002E0025
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 002E007D
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 002E006C
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 002E000A
.text C:\Program Files\Messenger\msmsgs.exe[3984] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 002E0051
.text C:\Program Files\Messenger\msmsgs.exe[3984] WS2_32.dll!socket 71A93B91 5 Bytes JMP 002F0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenW 771AAED5 5 Bytes JMP 0030001B
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenA 771B574E 5 Bytes JMP 00300000
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 00300FE5
.text C:\Program Files\Messenger\msmsgs.exe[3984] WININET.dll!InternetOpenUrlW 771C5B4A 5 Bytes JMP 00300038

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D8A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D8B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D8AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D96CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D95A2] sptd.sys
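The `.text ... 5 Bytes JMP ...` lines above are GMER's report of inline hooks: the first five bytes of each listed export (CreateProcessW, RegOpenKeyExW, socket, InternetOpenUrlA, ...) have been overwritten with a jump. Where GMER can attribute the jump target to a loaded image it appends the module path and description (the two mcproxy.exe lines); otherwise it prints only a bare address, and in this log every other hooked process jumps into unattributed low memory such as 00FF0000/00FE0000 (lsass.exe) or 001A0000/002D0000 (explorer.exe), one 64 KiB region per hooked DLL. Whether those regions belong to the installed security product or to something else is what has to be settled next, and the first step is to tabulate them. The following Python script is an added example (not part of this thread and not GMER's own code) that parses such lines and, per process, counts hooks, lists the hooked DLLs and groups unattributed targets by their 64 KiB base; the sample lines are constructed in the same format.

```python
"""Triage helper for GMER 1.0.14 user-mode hook lines.

Added example for this thread; it is not part of GMER or of the original posts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format GMER prints under "User code sections":
# ".text <process>[<pid>] <dll>!<export> <addr> <n> Bytes JMP <target> [<module> (<description>)]"
# The module/description pair is only present when GMER can attribute the jump
# target to a loaded image; a bare target address means it could not.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\lsass.exe[1368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF00A4
.text C:\WINDOWS\system32\lsass.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\lsass.exe[1368] WS2_32.dll!socket 71A93B91 5 Bytes JMP 00E80FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\explorer.exe[2796] WININET.dll!InternetOpenUrlA 771B5A01 5 Bytes JMP 0030001D
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)


@dataclass
class Hook:
    process: str
    pid: int
    dll: str
    export: str
    addr: int               # address of the hooked export
    target: int             # where the 5-byte JMP goes
    module: Optional[str]   # None when GMER could not attribute the target to a module
    desc: Optional[str]


def parse_hooks(text: str) -> List[Hook]:
    """Parse every '.text ... JMP ...' line; headers and blank lines are ignored."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m is None:
            continue
        hooks.append(Hook(
            process=m["process"], pid=int(m["pid"]),
            dll=m["dll"], export=m["export"],
            addr=int(m["addr"], 16), target=int(m["target"], 16),
            module=m["module"], desc=m["desc"],
        ))
    return hooks


def target_base(target: int) -> str:
    """Round a target down to the 64 KiB allocation granularity of 32-bit Windows.

    Hooks written by one injector normally share one such base per hooked DLL,
    so the number of distinct bases roughly counts the trampoline regions it allocated.
    """
    return f"{target & ~0xFFFF:08X}"


def summarize(hooks: List[Hook]) -> Dict[Tuple[str, int], dict]:
    """Per (process, pid): hook count, hooked DLLs, and bases of unattributed targets."""
    out: Dict[Tuple[str, int], dict] = {}
    for h in hooks:
        entry = out.setdefault(
            (h.process, h.pid),
            {"hooks": 0, "unattributed": 0, "dlls": set(), "target_bases": set()},
        )
        entry["hooks"] += 1
        entry["dlls"].add(h.dll)
        if h.module is None:
            entry["unattributed"] += 1
            entry["target_bases"].add(target_base(h.target))
    for entry in out.values():
        entry["dlls"] = sorted(entry["dlls"])
        entry["target_bases"] = sorted(entry["target_bases"])
    return out


def report(text: str) -> List[str]:
    """One line per process, processes with unattributed hooks first."""
    lines = []
    summary = summarize(parse_hooks(text))
    for (proc, pid), e in sorted(summary.items(), key=lambda kv: -kv[1]["unattributed"]):
        flag = "CHECK" if e["unattributed"] else "ok   "
        lines.append(f"{flag} {proc}[{pid}]: {e['hooks']} hooks in {', '.join(e['dlls'])}; "
                     f"{e['unattributed']} unattributed, bases {e['target_bases']}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a saved GMER log by passing the file contents to `report()`; processes whose hooks all resolve to a named module come out as `ok`, and the `CHECK` lines show how many distinct unattributed regions each process carries, which is what you then match against the loaded-module list of that process.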

MaFire

Re: Please check my HJT log

Post by MaFire » 28 Sep 2008 13:11

Second part of the GMER log


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5B3450

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{D8E80890-7A03-424A-A340-B1B6B7E4C626} 8971C728

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5B3EB0
Device \Driver\dmio \Device\DmControl\DmConfig 8A5B3EB0
Device \Driver\dmio \Device\DmControl\DmPnP 8A5B3EB0
Device \Driver\dmio \Device\DmControl\DmInfo 8A5B3EB0
Device \Driver\00000047 \Device\00000060 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5B30E8
Device \Driver\Cdrom \Device\CdRom0 8A38A1D8
Device \FileSystem\Rdbss \Device\FsWrap 8A1DA228
Device \Driver\Cdrom \Device\CdRom1 8A38A1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8971C728
Device \Driver\NetBT \Device\NetbiosSmb 8971C728
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E697649-FE31-4050-853B-5C07B1A6A36C} 8971C728
Device \Driver\NetBT \Device\NetBT_Tcpip_{402EC693-50A4-41BF-8EAB-1760228A7606} 8971C728

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 8A5B3708

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\nvata \Device\NvAta0 8A5B39C0
Device \Driver\nvata \Device\NvAta0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890CC878
Device \Driver\nvata \Device\NvAta1 8A5B39C0
Device \Driver\nvata \Device\NvAta1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890CC878
Device \Driver\nvata \Device\NvAta2 8A5B39C0
Device \Driver\nvata \Device\NvAta2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Npfs \Device\NamedPipe 8A0F51E8
Device \Driver\Ftdisk \Device\FtControl 8A5B30E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{88E6DBCF-E62B-4C2C-A596-E5D24CFAE78B} 8971C728
Device \FileSystem\Msfs \Device\Mailslot 8A0548C0
Device \Driver\nvata \Device\0000008a 8A5B39C0
Device \Driver\nvata \Device\0000008a sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 8A1B77B0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A1B77B0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A3E1AE0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -672785286
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 735598520
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1954479627
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x33 0x1C 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xF5 0xB5 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0x98 0x88 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x33 0x1C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xF5 0xB5 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x24 0xE6 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x33 0x1C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0xF5 0xB5 0x9B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0x98 0x88 0x61 ...

---- EOF - GMER 1.0.14 ----

zlobyl

Re: Please check my HJT log

Post by zlobyl » 05 Oct 2008 10:31

Use a script in ComboFix:

Copy the following text into Notepad (Start - Run - Notepad) and save it to the Desktop as CFScript.txt.
(Don't use the Select All function!)

Code:

Folder::
C:\Program Files\Save

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"=-


Then drag this file onto the ComboFix icon and run it. (I assume you also have ComboFix on the Desktop.)

Then post the log it produces here.


Next we'll test the memory: download memtest. Extract the file with the ISO extension from the archive and burn a CD from it (don't unpack the file; in Nero, for example, use the "Burn Image to CD" option). The CD is bootable, so just leave it in the drive while the computer starts up.
The test starts automatically and runs in cycles until interrupted. Let it run at least 2 times.

