som zúfala...Samozrejme,ked to nasurovo vypnem a zapnem a chcem ísť do NR, žiadna reakcia na f8, nabehne normal win a mrzne a mrzne
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zas*atý mini NB
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Zas*atý mini NB
Zdravim, nutne potrebujem pomoc..dúfam že sa bude dat takto cez net lebo nemam prachy nosit NB do servisu, kde aj tak bez zalohovania len preinštalujú windows. Problém je v tom, že som ešte tesne pred nainštalovaním AVP surfovala kadetade..ano boli to potencionálne nebezpečne stránky, kt.mohli obsahovať malware atd.Hned po tom som nainštalovala Bitdefender-trial,myslím, že ešte pred tým som mala zapnutý Outpost(training mode).PC sa nedal reštartovať ani vypnuť cez štart, tak som ho vypla na surovo. Na druhý deň sa po zapnutí sekalo všetko, na net sa dostat nedá lebo zamrza vobec zapnutie mozilly, úplne všetko zamrza...strašne dlho ukončuje/otvára programy ak vôbec-napíše program nelze ukončit a ani po ukončit hned, nič nejde...ešte ako tak som megadlho robila test pomocou bitDefender a SaS (ktoré inak trvajú o hodinu menej) našlo 4infik.prg. aj to len adaware cookies...ponuka štart po kliknutí zamrzne a nejde s tým pohnuť,tlačitko windows nereaguje,reštart tlačítko nemám a ked krátko podržím vypínacie tlačitko na reštart, furt ukončuje nejaké programy a potom NIČ..nemôžem Vám poskytnúť ani logy,nič...kedže zamrza ked chcem ist na net som zúfala...Samozrejme,ked to nasurovo vypnem a zapnem a chcem ísť do NR, žiadna reakcia na f8, nabehne normal win a mrzne a mrzne
som zúfala...Samozrejme,ked to nasurovo vypnem a zapnem a chcem ísť do NR, žiadna reakcia na f8, nabehne normal win a mrzne a mrzne-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
zdravím 
máte možnost stáhnout cokoliv na jiném pc a přenést to pomocí flash disku na infikovaný pc?
máte možnost stáhnout cokoliv na jiném pc a přenést to pomocí flash disku na infikovaný pc?
-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
Noo taká možnosť tu je..už len aby to ten zasekovací NB prijal,nainštaloval a tak..ale skusila by som to
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
dobře, zkusíme to 
z mého podpisu stáhněte RSIT rovnou na flash disk, nakopírujte do infikovaného pc, spusťte dle návodu, vygenerovný log uložte opět na flash disk a jeho obsah zkopírujte sem
z mého podpisu stáhněte RSIT rovnou na flash disk, nakopírujte do infikovaného pc, spusťte dle návodu, vygenerovný log uložte opět na flash disk a jeho obsah zkopírujte sem
-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
ja idem na to len to trošku asi potrvá..kým mi ten maly vygeneruje dajaky log..ale hned potom ho tu hodim ..teda ak to pojde všetko...dam vediet
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
jasně v pohodě a v klidu, máme na to spoustu času
-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
tak tu niečo mám..do tretice sa mi to podarilo, lebo 2x ho pri robení logu rebootlo a potom napísalo že system bol obnoveny po závažnej chybe
Logfile of random's system information tool 1.07 (written by random/random)
Run by SUN at 2010-06-08 22:12:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 137 GB (90%) free of 153 GB
Total RAM: 1014 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:23:11, on 8. 6. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\RSIT.exe
C:\Program Files\trend micro\SUN.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/ig/redirectdomain ... &bmod=TSED
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6863963146
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
--
End of file - 9218 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Připomenutí registrace 1.job
C:\WINDOWS\tasks\Připomenutí registrace 2.job
C:\WINDOWS\tasks\Připomenutí registrace 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
Reganam Toolbar - C:\Program Files\Reganam\tbReg1.dll [2010-04-22 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{db9d7a78-a76c-4bf2-97c6-258925ee1542} - Reganam Toolbar - C:\Program Files\Reganam\tbReg1.dll [2010-04-22 2349080]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-12 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-12 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-12 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-11 16851456]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-13 1024000]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"NDSTray.exe"=NDSTray.exe []
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2008-09-05 393216]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2007-04-26 495616]
"CFSServ.exe"=CFSServ.exe -NoClient []
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-01-14 2446984]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe [2010-01-13 439288]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-03-18 1123360]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-08-19 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
C:\Program Files\Google\Google EULA\\GoogleEULALauncher.exe [2008-08-29 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2008-09-10 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2008-09-08 5567800]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-12 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree(TM) Tray"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-06-08 21:41:21 ----D---- C:\WINDOWS\Minidump
2010-06-07 00:22:03 ----D---- C:\Documents and Settings\SUN\Data aplikací\BitDefender
2010-06-06 22:41:16 ----D---- C:\WINDOWS\system32\Filt
2010-06-06 22:41:16 ----D---- C:\Program Files\Agnitum
2010-06-06 22:41:16 ----D---- C:\Documents and Settings\SUN\Data aplikací\Agnitum
2010-06-06 22:40:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Agnitum
2010-06-03 17:02:25 ----A---- C:\bdlog.txt
2010-06-03 16:38:56 ----A---- C:\pcversion.txt
2010-06-03 16:24:44 ----D---- C:\Program Files\BitDefender
2010-06-03 16:24:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\BitDefender
2010-06-03 16:23:38 ----D---- C:\Program Files\Common Files\BitDefender
2010-06-03 15:21:06 ----SHD---- C:\Config.Msi
2010-06-03 15:14:31 ----D---- C:\Documents and Settings\SUN\Data aplikací\URSoft
2010-06-03 15:14:29 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-03 15:14:23 ----D---- C:\Program Files\Your Uninstaller 2010
2010-05-26 13:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-15 02:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-06-08 22:23:11 ----D---- C:\Program Files\trend micro
2010-06-08 22:04:13 ----D---- C:\WINDOWS\temp
2010-06-08 22:01:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 21:57:56 ----D---- C:\WINDOWS
2010-06-08 21:50:01 ----AD---- C:\WINDOWS\system32
2010-06-08 21:44:51 ----D---- C:\Documents and Settings\SUN\Data aplikací\Skype
2010-06-08 17:58:44 ----D---- C:\Documents and Settings\SUN\Data aplikací\skypePM
2010-06-08 17:56:48 ----HD---- C:\WINDOWS\inf
2010-06-08 13:33:06 ----D---- C:\WINDOWS\system32\config
2010-06-08 13:33:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 13:19:47 ----D---- C:\Program Files\Mozilla Firefox
2010-06-07 00:24:07 ----SHD---- C:\WINDOWS\Installer
2010-06-07 00:23:28 ----D---- C:\WINDOWS\system32\drivers
2010-06-06 22:42:08 ----D---- C:\WINDOWS\WinSxS
2010-06-06 22:41:16 ----RD---- C:\Program Files
2010-06-06 22:24:43 ----D---- C:\Program Files\3GP Player 2009
2010-06-06 22:24:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-06 21:54:30 ----D---- C:\Program Files\Reganam
2010-06-06 21:48:48 ----D---- C:\WINDOWS\repair
2010-06-03 17:02:34 ----D---- C:\WINDOWS\Prefetch
2010-06-03 16:23:38 ----D---- C:\Program Files\Common Files
2010-06-03 15:21:07 ----RD---- C:\Program Files\Skype
2010-06-02 01:34:08 ----D---- C:\Documents and Settings\SUN\Data aplikací\ICQ
2010-05-15 02:06:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-15 02:06:04 ----D---- C:\Program Files\Outlook Express
2010-05-12 18:42:26 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2008-07-16 64000]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver; C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-05-25 1503840]
R3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2010-02-03 153448]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 FwLnk;FwLnk Driver; C:\WINDOWS\system32\DRIVERS\FwLnk.sys [2007-04-04 5888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-12 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-11 4813312]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-09-04 157696]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-13 106368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-13 220032]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Chicony USB 2.0 Camera; C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 UVCFTR;UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 VBEngNT;VBEngNT; \??\C:\WINDOWS\system32\drivers\VBEngNT.sys []
R3 VBFilt;VBFilt; \??\C:\WINDOWS\system32\Filt\VBFilt.dll []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 acmawnr9;acmawnr9; C:\WINDOWS\system32\drivers\acmawnr9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-07-18 131840]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-08-04 54272]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2008-06-27 41728]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-01-14 1356184]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2008-08-29 33792]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-08-26 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2007-11-21 129632]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-05-22 120168]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-04-26 1615688]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by SUN at 2010-06-08 22:12:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 137 GB (90%) free of 153 GB
Total RAM: 1014 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:23:11, on 8. 6. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\RSIT.exe
C:\Program Files\trend micro\SUN.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/ig/redirectdomain ... &bmod=TSED
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6863963146
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
--
End of file - 9218 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Připomenutí registrace 1.job
C:\WINDOWS\tasks\Připomenutí registrace 2.job
C:\WINDOWS\tasks\Připomenutí registrace 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
Reganam Toolbar - C:\Program Files\Reganam\tbReg1.dll [2010-04-22 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{db9d7a78-a76c-4bf2-97c6-258925ee1542} - Reganam Toolbar - C:\Program Files\Reganam\tbReg1.dll [2010-04-22 2349080]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-12 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-12 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-12 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-11 16851456]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-13 1024000]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"NDSTray.exe"=NDSTray.exe []
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2008-09-05 393216]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2007-04-26 495616]
"CFSServ.exe"=CFSServ.exe -NoClient []
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-01-14 2446984]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe [2010-01-13 439288]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-03-18 1123360]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-08-19 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
C:\Program Files\Google\Google EULA\\GoogleEULALauncher.exe [2008-08-29 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2008-09-10 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2008-09-08 5567800]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-12 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree(TM) Tray"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-06-08 21:41:21 ----D---- C:\WINDOWS\Minidump
2010-06-07 00:22:03 ----D---- C:\Documents and Settings\SUN\Data aplikací\BitDefender
2010-06-06 22:41:16 ----D---- C:\WINDOWS\system32\Filt
2010-06-06 22:41:16 ----D---- C:\Program Files\Agnitum
2010-06-06 22:41:16 ----D---- C:\Documents and Settings\SUN\Data aplikací\Agnitum
2010-06-06 22:40:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Agnitum
2010-06-03 17:02:25 ----A---- C:\bdlog.txt
2010-06-03 16:38:56 ----A---- C:\pcversion.txt
2010-06-03 16:24:44 ----D---- C:\Program Files\BitDefender
2010-06-03 16:24:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\BitDefender
2010-06-03 16:23:38 ----D---- C:\Program Files\Common Files\BitDefender
2010-06-03 15:21:06 ----SHD---- C:\Config.Msi
2010-06-03 15:14:31 ----D---- C:\Documents and Settings\SUN\Data aplikací\URSoft
2010-06-03 15:14:29 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-03 15:14:23 ----D---- C:\Program Files\Your Uninstaller 2010
2010-05-26 13:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-15 02:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-06-08 22:23:11 ----D---- C:\Program Files\trend micro
2010-06-08 22:04:13 ----D---- C:\WINDOWS\temp
2010-06-08 22:01:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 21:57:56 ----D---- C:\WINDOWS
2010-06-08 21:50:01 ----AD---- C:\WINDOWS\system32
2010-06-08 21:44:51 ----D---- C:\Documents and Settings\SUN\Data aplikací\Skype
2010-06-08 17:58:44 ----D---- C:\Documents and Settings\SUN\Data aplikací\skypePM
2010-06-08 17:56:48 ----HD---- C:\WINDOWS\inf
2010-06-08 13:33:06 ----D---- C:\WINDOWS\system32\config
2010-06-08 13:33:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 13:19:47 ----D---- C:\Program Files\Mozilla Firefox
2010-06-07 00:24:07 ----SHD---- C:\WINDOWS\Installer
2010-06-07 00:23:28 ----D---- C:\WINDOWS\system32\drivers
2010-06-06 22:42:08 ----D---- C:\WINDOWS\WinSxS
2010-06-06 22:41:16 ----RD---- C:\Program Files
2010-06-06 22:24:43 ----D---- C:\Program Files\3GP Player 2009
2010-06-06 22:24:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-06 21:54:30 ----D---- C:\Program Files\Reganam
2010-06-06 21:48:48 ----D---- C:\WINDOWS\repair
2010-06-03 17:02:34 ----D---- C:\WINDOWS\Prefetch
2010-06-03 16:23:38 ----D---- C:\Program Files\Common Files
2010-06-03 15:21:07 ----RD---- C:\Program Files\Skype
2010-06-02 01:34:08 ----D---- C:\Documents and Settings\SUN\Data aplikací\ICQ
2010-05-15 02:06:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-15 02:06:04 ----D---- C:\Program Files\Outlook Express
2010-05-12 18:42:26 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2008-07-16 64000]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver; C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-05-25 1503840]
R3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2010-02-03 153448]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 FwLnk;FwLnk Driver; C:\WINDOWS\system32\DRIVERS\FwLnk.sys [2007-04-04 5888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-12 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-11 4813312]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-09-04 157696]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-13 106368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-13 220032]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Chicony USB 2.0 Camera; C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 UVCFTR;UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 VBEngNT;VBEngNT; \??\C:\WINDOWS\system32\drivers\VBEngNT.sys []
R3 VBFilt;VBFilt; \??\C:\WINDOWS\system32\Filt\VBFilt.dll []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 acmawnr9;acmawnr9; C:\WINDOWS\system32\drivers\acmawnr9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-07-18 131840]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-08-04 54272]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2008-06-27 41728]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-01-14 1356184]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2008-08-29 33792]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-08-26 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2007-11-21 129632]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-05-22 120168]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-04-26 1615688]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
v jakém stavu je noťas teď?
-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
tak je strašne pomaly, mozilla nereaguje vobec, IE sa snaží nabehnut ale mu to nejde, kým stihnem dat vobec niečo vyhladat sekne sa to ..inak doma mame wifi, takže net na tom je vpoho,kedže po štarte nabehne skype aj outpost do onlinu...keď dam napr. zavrieť explorer-už samozrejme neodpovida...a zavrie sa možno za 5min
..inak doma mame wifi, takže net na tom je vpoho,kedže po štarte nabehne skype aj outpost do onlinu...keď dam napr. zavrieť explorer-už samozrejme neodpovida...a zavrie sa možno za 5min-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
zazálohujte si všechna důležitá data (až je pak budete kopírovat zpět, je třeba je nechat zkontrolovat antivirem) stáhněte GMER , rozbalte a spusťteproběhne sken, po jehož ukončení se zobrazí výsledky
poté klikněte na Save a uložíte tak log, jeho obsah sem vložte
pak dle tohoto návodu absolvujte druhý sken a opět obsah logu sem
(pokud se aplikace nepovede, zkuste to v nouzovém režimu; pokud ani v nouzovém režimu nepůjde, odškrtněte volbu Devices)aplikací Gmeru se pokoušíme zjistit, zda je v systému přítomno svinstvo či ne
(v logu z RSITu není nic škodlivého vidět)-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
nebola som doma tak to trvalo ..ale predsa ...robene v nudzaku...v nudzaku užasne ide net aj všetko inac nie
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-09 01:12:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SUN\LOCALS~1\Temp\awwyqpod.sys
---- System - GMER 1.0.15 ----
SSDT speg.sys ZwEnumerateKey [0xF753ACA4]
SSDT speg.sys ZwEnumerateValueKey [0xF753B032]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 863D71F8
Device \FileSystem\Fastfat \Fat 84A8F1F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 17:27:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SUN\LOCALS~1\Temp\awwyqpod.sys
---- System - GMER 1.0.15 ----
SSDT spyw.sys ZwCreateKey [0xF751C0E0]
SSDT spyw.sys ZwEnumerateKey [0xF753ACA4]
SSDT spyw.sys ZwEnumerateValueKey [0xF753B032]
SSDT spyw.sys ZwOpenKey [0xF751C0C0]
SSDT spyw.sys ZwQueryKey [0xF753B10A]
SSDT spyw.sys ZwQueryValueKey [0xF753AF8A]
SSDT spyw.sys ZwSetValueKey [0xF753B19C]
INT 0x62 ? 86369BF8
INT 0x63 ? 863D8BF8
INT 0x74 ? 8592EBF8
INT 0x84 ? 8592EBF8
---- Kernel code sections - GMER 1.0.15 ----
? spyw.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\drivers\tos_sps32.sys section is writeable [0xF7228480, 0x3C939, 0xE8000020]
.dsrt C:\WINDOWS\system32\drivers\tos_sps32.sys unknown last section [0xF7269900, 0x3CA, 0x48000040]
.text USBPORT.SYS!DllUnload F6F5E8AC 5 Bytes JMP 8592E1D8
.text azrbbvy2.SYS F6ED8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azrbbvy2.SYS F6ED83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azrbbvy2.SYS F6ED83C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text azrbbvy2.SYS F6ED83C9 1 Byte [30]
.text azrbbvy2.SYS F6ED83C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8636B2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F754DC4C] spyw.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F754DCA0] spyw.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F751D042] spyw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F751D13E] spyw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F751D0C0] spyw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F751D800] spyw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F751D6D6] spyw.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8592E2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F752CE9C] spyw.sys
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 863D71F8
Device \FileSystem\Fastfat \FatCdrom 848F41F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{DEA433D4-B227-49E3-BBB4-60D694A45FD5} 84BE91F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 8592C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8592C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8592C1F8
Device \Driver\usbehci \Device\USBPDO-3 858FF1F8
Device \Driver\usbuhci \Device\USBPDO-4 8592C1F8
Device \Driver\PCI_PNP0160 \Device\00000056 spyw.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 863D91F8
Device \Driver\Cdrom \Device\CdRom0 85838500
Device \Driver\iaStor \Device\Ide\iaStor0 [F73FCA60] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7496B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F73FCA60] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000080 84B741F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84BE91F8
Device \Driver\NetBT \Device\NetbiosSmb 84BE91F8
Device \Driver\usbuhci \Device\USBFDO-0 8592C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8592C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84BEA500
Device \Driver\usbuhci \Device\USBFDO-2 8592C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84BEA500
Device \Driver\usbuhci \Device\USBFDO-3 8592C1F8
Device \Driver\usbehci \Device\USBFDO-4 858FF1F8
Device \Driver\Ftdisk \Device\FtControl 863D91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1C712611-5CF1-4C76-805A-47183BCCC578} 84BE91F8
Device \Driver\sptd \Device\2851365160 spyw.sys
Device \Driver\usbstor \Device\0000007f 84B741F8
Device \Driver\azrbbvy2 \Device\Scsi\azrbbvy21 858F3500
Device \Driver\azrbbvy2 \Device\Scsi\azrbbvy21Port2Path0Target0Lun0 858F3500
Device \FileSystem\Fastfat \Fat 848F41F8
Device \FileSystem\Cdfs \Cdfs 84BC01F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xEE 0xEB 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0xD4 0xEF 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x96 0x3F 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xEE 0xEB 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0xD4 0xEF 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x96 0x3F 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
-\OpenWithProgids@\n\x2584\30_auto_file
---- EOF - GMER 1.0.15 ----
...robene v nudzaku...v nudzaku užasne ide net aj všetko inac nie GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-09 01:12:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SUN\LOCALS~1\Temp\awwyqpod.sys
---- System - GMER 1.0.15 ----
SSDT speg.sys ZwEnumerateKey [0xF753ACA4]
SSDT speg.sys ZwEnumerateValueKey [0xF753B032]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 863D71F8
Device \FileSystem\Fastfat \Fat 84A8F1F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 17:27:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SUN\LOCALS~1\Temp\awwyqpod.sys
---- System - GMER 1.0.15 ----
SSDT spyw.sys ZwCreateKey [0xF751C0E0]
SSDT spyw.sys ZwEnumerateKey [0xF753ACA4]
SSDT spyw.sys ZwEnumerateValueKey [0xF753B032]
SSDT spyw.sys ZwOpenKey [0xF751C0C0]
SSDT spyw.sys ZwQueryKey [0xF753B10A]
SSDT spyw.sys ZwQueryValueKey [0xF753AF8A]
SSDT spyw.sys ZwSetValueKey [0xF753B19C]
INT 0x62 ? 86369BF8
INT 0x63 ? 863D8BF8
INT 0x74 ? 8592EBF8
INT 0x84 ? 8592EBF8
---- Kernel code sections - GMER 1.0.15 ----
? spyw.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\drivers\tos_sps32.sys section is writeable [0xF7228480, 0x3C939, 0xE8000020]
.dsrt C:\WINDOWS\system32\drivers\tos_sps32.sys unknown last section [0xF7269900, 0x3CA, 0x48000040]
.text USBPORT.SYS!DllUnload F6F5E8AC 5 Bytes JMP 8592E1D8
.text azrbbvy2.SYS F6ED8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azrbbvy2.SYS F6ED83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azrbbvy2.SYS F6ED83C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text azrbbvy2.SYS F6ED83C9 1 Byte [30]
.text azrbbvy2.SYS F6ED83C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[396] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\WinRAR\WinRAR.exe[604] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\SUN\LOCALS~1\Temp\Rar$EX00.234\gmer.exe[644] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1000] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100A45D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100A4554 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100A4580 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1044] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100A4604 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8636B2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F754DC4C] spyw.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F754DCA0] spyw.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F751D042] spyw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F751D13E] spyw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F751D0C0] spyw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F751D800] spyw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F751D6D6] spyw.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8592E2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F752CE9C] spyw.sys
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\azrbbvy2.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 863D71F8
Device \FileSystem\Fastfat \FatCdrom 848F41F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{DEA433D4-B227-49E3-BBB4-60D694A45FD5} 84BE91F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 8592C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8592C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8592C1F8
Device \Driver\usbehci \Device\USBPDO-3 858FF1F8
Device \Driver\usbuhci \Device\USBPDO-4 8592C1F8
Device \Driver\PCI_PNP0160 \Device\00000056 spyw.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 863D91F8
Device \Driver\Cdrom \Device\CdRom0 85838500
Device \Driver\iaStor \Device\Ide\iaStor0 [F73FCA60] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7496B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F73FCA60] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000080 84B741F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84BE91F8
Device \Driver\NetBT \Device\NetbiosSmb 84BE91F8
Device \Driver\usbuhci \Device\USBFDO-0 8592C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8592C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84BEA500
Device \Driver\usbuhci \Device\USBFDO-2 8592C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84BEA500
Device \Driver\usbuhci \Device\USBFDO-3 8592C1F8
Device \Driver\usbehci \Device\USBFDO-4 858FF1F8
Device \Driver\Ftdisk \Device\FtControl 863D91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1C712611-5CF1-4C76-805A-47183BCCC578} 84BE91F8
Device \Driver\sptd \Device\2851365160 spyw.sys
Device \Driver\usbstor \Device\0000007f 84B741F8
Device \Driver\azrbbvy2 \Device\Scsi\azrbbvy21 858F3500
Device \Driver\azrbbvy2 \Device\Scsi\azrbbvy21Port2Path0Target0Lun0 858F3500
Device \FileSystem\Fastfat \Fat 848F41F8
Device \FileSystem\Cdfs \Cdfs 84BC01F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xEE 0xEB 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0xD4 0xEF 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x96 0x3F 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xEE 0xEB 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0xD4 0xEF 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x96 0x3F 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
-\OpenWithProgids@\n\x2584\30_auto_file
---- EOF - GMER 1.0.15 ----
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
SystemRoot\System32\Drivers\azrbbvy2.SYS otestujte na VIRUSTOTALu
jednoduchý návod: po načtení stránky, kliknout na Procházet, najít cestu k výše zmíněnému souboru a kliknout na tlačítko Odeslat soubor; pokud vyskočí hláška, že soubor byl už testován, ignorujte to a proveďte sken znova; po ukončení skenu sem vložte výsledky buď zkopírováním textu nebo vložením odkazu
zkuste odinstalovat Outpost firewall
jednoduchý návod: po načtení stránky, kliknout na Procházet, najít cestu k výše zmíněnému souboru a kliknout na tlačítko Odeslat soubor; pokud vyskočí hláška, že soubor byl už testován, ignorujte to a proveďte sken znova; po ukončení skenu sem vložte výsledky buď zkopírováním textu nebo vložením odkazu
zkuste odinstalovat Outpost firewall-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
ale ja nwm kde mam hladat systemRoot na C: zrejme ale kde presne?
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zas*atý mini NB
C:\Windows\System32\Drivers\azrbbvy2.SYS
-
Kengurinka
- Návštěvník
- Příspěvky: 9
- Registrován: 31 pro 2006 00:39
- Bydliště: SK-
Re: Zas*atý mini NB
azrbbvy2.SYS položka sa tam ale nenachadza :-O...pozerala som,hladala som dookola.....outpost odinštalovaný...idem skusit normal režim
Přispějete na provoz fóra?