PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please check my log

Don't have any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#16 Post by zulo »

Part 2 of the log:

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.03.31 17:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2010.04.09 17:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.31 13:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Adobe
[2006.11.04 19:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\AdobeUM
[2007.12.04 17:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Ahead
[2006.11.09 17:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Apple Computer
[2007.11.20 16:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\AVG7
[2007.09.20 18:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\BearShare
[2010.04.29 18:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Canneverbe Limited
[2008.07.31 11:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\DAEMON Tools
[2009.01.31 13:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Deckadance
[2010.06.28 19:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\DivX
[2007.05.11 20:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\dvdcss
[2007.12.12 20:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\ESET
[2006.12.26 18:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\ESTSoft
[2009.10.26 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Faktury Plus
[2007.09.26 15:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\FreeCommander
[2007.11.01 20:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Google
[2008.04.05 13:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Hamachi
[2007.01.17 20:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Help
[2010.01.23 19:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\HLSW
[2010.09.05 13:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\ICQ
[2008.04.10 19:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\ICQ Toolbar
[2007.09.19 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\ICQLite
[2006.11.04 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Identities
[2009.12.24 20:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\InstallShield
[2009.12.21 15:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Juce VST Host
[2006.11.28 17:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Leadertech
[2007.10.03 00:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\LimeWire
[2006.12.12 15:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Macromedia
[2009.02.08 20:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Malwarebytes
[2010.09.10 12:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Media Player Classic
[2010.09.09 10:32:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\student\Data aplikací\Microsoft
[2007.11.09 20:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Microsoft Games
[2007.09.24 15:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Mozilla
[2008.02.27 23:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\MRP
[2008.04.16 14:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\MxBoost
[2010.03.31 15:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Nero
[2006.11.11 21:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\NeroVision
[2010.07.08 16:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\OpenOffice.org2
[2009.06.03 19:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Opera
[2007.01.11 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\REAPER
[2006.11.06 16:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\SecuROM
[2006.11.05 22:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Sierra
[2007.11.20 15:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Simple Star
[2010.09.05 13:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Skype
[2010.09.05 12:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\skypePM
[2010.01.23 14:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Sony
[2010.01.23 14:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Sony Setup
[2008.01.15 15:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Sun
[2008.01.16 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Tank Combat
[2009.06.10 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\teamspeak2
[2006.11.26 20:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\temp
[2008.03.26 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\TuneUp Software
[2007.08.08 17:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\TVSM
[2008.07.31 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Uniblue
[2010.03.27 16:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\URSoft
[2009.06.10 18:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Ventrilo
[2007.04.24 15:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\vlc
[2009.01.10 17:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Vso
[2009.05.19 16:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\WinRAR
[2009.07.16 11:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\wsInspector
[2010.09.05 13:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\Xfire
[2007.09.04 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\student\Data aplikací\ZOO Digital Publishing

< %APPDATA%\*.exe /s >
[2009.12.06 16:39:55 | 000,111,928 | ---- | M] () -- C:\Documents and Settings\student\Data aplikací\PnkBstrB.exe
[2008.02.29 21:19:16 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
[2010.09.08 15:52:23 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009.12.11 14:23:07 | 000,010,752 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{83F12F73-D52E-40C0-93B1-463C311C4E17}\Icon8255BBAC1.exe
[2009.12.11 14:23:07 | 000,006,144 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{83F12F73-D52E-40C0-93B1-463C311C4E17}\Icon83F12F734.exe
[2009.12.11 14:23:07 | 000,015,360 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{83F12F73-D52E-40C0-93B1-463C311C4E17}\Icon83F12F738.exe
[2010.04.09 17:29:48 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2007.08.06 19:36:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{B75EF7C9-E289-4EEF-8676-B46349F210C2}\ARPPRODUCTICON.exe
[2007.08.06 19:36:42 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{B75EF7C9-E289-4EEF-8676-B46349F210C2}\NewShortcut11_B75EF7C9E2894EEF8676B46349F210C2.exe
[2007.08.06 19:36:42 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{B75EF7C9-E289-4EEF-8676-B46349F210C2}\NewShortcut1_B75EF7C9E2894EEF8676B46349F210C2.exe
[2008.02.29 21:19:31 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
[2009.12.11 15:12:49 | 000,015,360 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
[2009.12.11 15:12:49 | 000,011,264 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
[2008.02.29 21:19:09 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\student\Data aplikací\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
[2008.11.30 16:40:49 | 001,357,312 | ---- | M] (MRP Company, s.r.o.) -- C:\Documents and Settings\student\Data aplikací\MRP\NetAgent\SK\Upgrade.exe
[2010.01.23 14:52:17 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\student\Data aplikací\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2005.08.18 11:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.04 18:02:10 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.11.04 16:55:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2006.11.04 18:02:10 | 010,223,616 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.11.04 18:02:10 | 002,359,296 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.09.13 14:45:46 | 000,272,431 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2010.09.13 14:45:56 | 000,002,228 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Documents and Settings\student\Data aplikací:NT
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C4252FE0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:202EF4B1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8FB6501C
< End of report >

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#17 Post by zulo »

Log from SysProt AntiRootkit:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 744
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 900
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1000
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1012
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1296
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1428
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1608
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1808
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1832
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PID: 312
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Alwil Software\Avast5\AvastUI.exe
PID: 1488
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 1564
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 1528
Hidden: No
Window Visible: No

Name: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PID: 3004
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PID: 3064
Hidden: No
Window Visible: No

Name: C:\Program Files\CDBurnerXP\NMSAccessU.exe
PID: 3096
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 3116
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrB.exe
PID: 3128
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 3144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\snmp.exe
PID: 3208
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3260
Hidden: No
Window Visible: No

Name: C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PID: 3304
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\UAService7.exe
PID: 3368
Hidden: No
Window Visible: No

Name: C:\Program Files\Opera\opera.exe
PID: 1976
Hidden: No
Window Visible: No

Name: C:\Program Files\WinRAR\WinRAR.exe
PID: 1104
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\student\Plocha\SysProt.exe
PID: 3452
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\student\Plocha\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F75B7000
Module End: F75C2000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806D0200
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D1000
Module End: 806F1300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7987000
Module End: F7989000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7897000
Module End: F789A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7358000
Module End: F7386000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7989000
Module End: F798B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7347000
Module End: F7358000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7487000
Module End: F7491000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A4F000
Module End: F7A50000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7707000
Module End: F770E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7497000
Module End: F74A2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7328000
Module End: F7347000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F798B000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7302000
Module End: F7328000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F770F000
Module End: F7714000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfsync02.sys
Service Name: sfsync02
Module Base: F74A7000
Module End: F74B0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74B7000
Module End: F74C4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VClone.sys
Service Name: VClone
Module Base: F7717000
Module End: F771D000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F72EA000
Module End: F7302000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F72D2000
Module End: F72EA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nvata.sys
Service Name: nvata
Module Base: F72BB000
Module End: F72D2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74C7000
Module End: F74D0000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74D7000
Module End: F74E4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F729B000
Module End: F72BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7289000
Module End: F729B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F74E7000
Module End: F74F1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7272000
Module End: F7289000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F725F000
Module End: F7272000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F71D2000
Module End: F725F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F71A5000
Module End: F71D2000
Hidden: No

Module Name: C:\WINDOWS\system32\speedfan.sys
Service Name: speedfan
Module Base: F798D000
Module End: F798F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfvfs02.sys
Service Name: sfvfs02
Module Base: F7192000
Module End: F71A5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfhlp02.sys
Service Name: sfhlp02
Module Base: F771F000
Module End: F7727000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfhlp01.sys
Service Name: sfhlp01
Module Base: F798F000
Module End: F7991000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfdrv01.sys
Service Name: sfdrv01
Module Base: F7180000
Module End: F7192000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\prosync1.sys
Service Name: prosync1
Module Base: F7991000
Module End: F7993000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\prohlp02.sys
Service Name: prohlp02
Module Base: F716E000
Module End: F7180000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F74F7000
Module End: F7507000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7507000
Module End: F7515000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7154000
Module End: F716E000
Hidden: No

Module Name: C:\WINDOWS\system32\giveio.sys
Service Name: giveio
Module Base: F7A50000
Module End: F7A51000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: F6D61000
Module End: F6D6F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F77FF000
Module End: F7804000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F5AEC000
Module End: F5B10000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7807000
Module End: F780F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Service Name: ALCXWDM
Module Base: F56FD000
Module End: F5AEC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F56D9000
Module End: F56FD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F6D41000
Module End: F6D50000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: F56B6000
Module End: F56D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7627000
Module End: F7632000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ElbyDelay.sys
Service Name: ElbyDelay
Module Base: F79F9000
Module End: F79FB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7637000
Module End: F7647000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7647000
Module End: F7656000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Service Name: nvnetbus
Module Base: F70E0000
Module End: F70E4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Service Name: ---
Module Base: F52E6000
Module End: F5326000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Service Name: ---
Module Base: F52B3000
Module End: F52E6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F48F0000
Module End: F52B3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F48DC000
Module End: F48F0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F7657000
Module End: F7667000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F70DC000
Module End: F70E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F48C8000
Module End: F48DC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F5BA0000
Module End: F5BAD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F785F000
Module End: F7865000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7867000
Module End: F786D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7B21000
Module End: F7B22000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F12F2000
Module End: F12FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7074000
Module End: F7077000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: ECF41000
Module End: ECF58000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F12E2000
Module End: F12ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F12D2000
Module End: F12DE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F3FF3000
Module End: F3FF8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: ECF30000
Module End: ECF41000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F12C2000
Module End: F12CB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F3FEB000
Module End: F3FF0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F3FE3000
Module End: F3FE8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: ECF00000
Module End: ECF30000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F12B2000
Module End: F12BC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79A5000
Module End: F79A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: ECEA2000
Module End: ECF00000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F6BE4000
Module End: F6BE8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WmBEnum.sys
Service Name: WmBEnum
Module Base: F6BE0000
Module End: F6BE4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WmXlCore.sys
Service Name: WmXlCore
Module Base: F12A2000
Module End: F12AD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F1292000
Module End: F129C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F1282000
Module End: F1291000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79A9000
Module End: F79AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Service Name: NVENETFD
Module Base: F0F28000
Module End: F0F31000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F0FE7000
Module End: F0FEC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: F0DAC000
Module End: F0DAF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A27000
Module End: F7A29000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: ED05F000
Module End: ED060000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A29000
Module End: F7A2B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F0FDF000
Module End: F0FE5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A2B000
Module End: F7A2D000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A2D000
Module End: F7A2F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F0925000
Module End: F092A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F091D000
Module End: F0925000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F0DA8000
Module End: F0DAB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EB857000
Module End: EB86A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EB7FE000
Module End: EB857000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: F0826000
Module End: F0830000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EB7D6000
Module End: EB7FE000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: WS2IFSL
Module Base: F0692000
Module End: F0695000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EB7B4000
Module End: EB7D6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F0816000
Module End: F081F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EB789000
Module End: EB7B4000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\prodrv06.sys
Service Name: prodrv06
Module Base: EB775000
Module End: EB789000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EB705000
Module End: EB775000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F0806000
Module End: F0811000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F07F6000
Module End: F07FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: F0915000
Module End: F091C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F090D000
Module End: F0915000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: EB189000
Module End: EB1B0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: F08FD000
Module End: F0903000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
Service Name: LVMVDrv
Module Base: EB527000
Module End: EB705000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\LVUSBSta.sys
Service Name: LVUSBSta
Module Base: F07C6000
Module End: F07CF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
Service Name: PID_PEPI
Module Base: EB0A5000
Module End: EB189000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\lv302af.sys
Service Name: pepifilter
Module Base: F7A37000
Module End: F7A39000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: F07B6000
Module End: F07C5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F07A6000
Module End: F07B6000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_nvata.sys
Service Name: ---
Module Base: EB08E000
Module End: EB0A5000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79A1000
Module End: F79A3000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F0085000
Module End: F0088000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F08ED000
Module End: F08F2000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: ED2EA000
Module End: ED2EB000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\mbam.sys
Service Name: MBAMProtector
Module Base: EB8AE000
Module End: EB8B2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswFsBlk.SYS
Service Name: aswFsBlk
Module Base: EB8AA000
Module End: EB8AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F1878000
Module End: F187C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: B86F9000
Module End: B8710000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B85CC000
Module End: B85E1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EDF91000
Module End: EDFA0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: B85A8000
Module End: B85CC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ANGELNT.SYS
Service Name: Angelnt
Module Base: EDF61000
Module End: EDF6E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: ED054000
Module End: ED056000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Service Name: atksgt
Module Base: B8515000
Module End: B8558000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys
Service Name: cpuz133
Module Base: F0F88000
Module End: F0F91000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Service Name: ElbyCDIO
Module Base: ED04E000
Module End: ED050000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Service Name: lirsgt
Module Base: EE0A6000
Module End: EE0AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B8496000
Module End: B84ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: EDFDC000
Module End: EDFE6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
Service Name: LVPr2Mon
Module Base: F773F000
Module End: F7744000
Hidden: No

Module Name: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
Service Name: TuneUpUtilitiesDrv
Module Base: ECF82000
Module End: ECF83000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: F77A7000
Module End: F77AC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B801D000
Module End: B805E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F7857000
Module End: F785E000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: EB191CF0
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey
Address: EB191BAC
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteKey
Address: EB192160
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteValueKey
Address: EB19208A
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject
Address: EB191782
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenKey
Address: EB191C86
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess
Address: EB1916C2
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: EB191726
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryValueKey
Address: EB191DA6
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRenameKey
Address: EB19222E
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: EB191D66
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetValueKey
Address: EB191EE6
Driver Base: EB189000
Driver End: EB1B0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwLoadDriver
At Address: 805795FA
Jump To: EB19EB10
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwCreateSection
At Address: 805A075C
Jump To: EB19E9D6
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwCreateProcessEx
At Address: 805C73EA
Jump To: EB19EBB2
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwClose
At Address: 805B1CE0
Jump To: EB19A5D4
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: PsCreateSystemThread
At Address: 805C73EA
Jump To: EB19EBB2
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObMakeTemporaryObject
At Address: 805B1CE0
Jump To: EB19A5D4
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 805B8B58
Jump To: EB19BFFA
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObCloseHandle
At Address: 805B1CE0
Jump To: EB19A5D4
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\nvata.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F79916C1
Hooking Module: C:\WINDOWS\system32\drivers\prosync1.sys

Hooked Module: C:\WINDOWS\System32\drivers\prodrv06.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: E1C4B5F0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\drivers\prodrv06.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: E1C4B5F0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\drivers\prodrv06.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: E1C4B5F0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\prohlp02.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: E1035B60
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\prohlp02.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: E1035B60
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\prohlp02.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: E1035B60
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F74A88B4
Hooking Module: C:\WINDOWS\system32\drivers\sfsync02.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: STUDENT-A178F61:12995
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12993
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12563
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12465
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:4764
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:4763
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:4759
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:3282
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1248
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1244
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1242
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1239
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1238
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1236
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:12080
Remote Address: LOCALHOST:1234
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: STUDENT-A178F61:4764
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:4763
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:4759
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:3282
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:1242
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:1234
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:4760
Remote Address: UN225.S.ETECH.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:3767
Remote Address: S15344003.ONLINEHOME-SERVER.INFO:10021
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:3291
Remote Address: CHANNEL6-02-07-SNC1.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:1247
Remote Address: MAM.NAMESERVER.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: CLOSE_WAIT

Local Address: STUDENT-A178F61:1246
Remote Address: MAM.NAMESERVER.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: CLOSE_WAIT

Local Address: STUDENT-A178F61:1243
Remote Address: DELL134.S.ETECH.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:1235
Remote Address: UN226.S.ETECH.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: ESTABLISHED

Local Address: STUDENT-A178F61:1227
Remote Address: DELL126.S.ETECH.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LAST_ACK

Local Address: STUDENT-A178F61:1224
Remote Address: WWW-12-04-ASH2.FACEBOOK.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1222
Remote Address: 93.188.130.43:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LAST_ACK

Local Address: STUDENT-A178F61:1216
Remote Address: UN236.S.ETECH.SK:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1215
Remote Address: UN236.S.ETECH.SK:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1214
Remote Address: UN236.S.ETECH.SK:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1210
Remote Address: DELL134.S.ETECH.SK:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1208
Remote Address: UN226.S.ETECH.SK:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1186
Remote Address: WWW-12-04-ASH2.FACEBOOK.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1184
Remote Address: 78.128.147.42:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1183
Remote Address: 78.128.147.42:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1180
Remote Address: 78.128.147.42:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1179
Remote Address: 78.128.147.42:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1178
Remote Address: 78.128.147.42:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: STUDENT-A178F61:1172
Remote Address: DELL126.S.ETECH.SK:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LAST_ACK

Local Address: STUDENT-A178F61:1035
Remote Address: CDS141.AMS9.MSECN.NET:HTTP
Type: TCP
Process: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
State: CLOSE_WAIT

Local Address: STUDENT-A178F61:1033
Remote Address: 75.125.231.171:HTTP
Type: TCP
Process: C:\PROGRA~1\Alwil Software\Avast5\AvastUI.exe
State: CLOSE_WAIT

Local Address: STUDENT-A178F61:1032
Remote Address: 75.125.231.171:HTTP
Type: TCP
Process: C:\PROGRA~1\Alwil Software\Avast5\AvastUI.exe
State: CLOSE_WAIT

Local Address: STUDENT-A178F61:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: STUDENT-A178F61:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: STUDENT-A178F61:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: STUDENT-A178F61:45301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrB.exe
State: NA

Local Address: STUDENT-A178F61:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: STUDENT-A178F61:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: STUDENT-A178F61:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: STUDENT-A178F61:2878
Remote Address: NA
Type: UDP
Process: C:\Program Files\Opera\opera.exe
State: NA

Local Address: STUDENT-A178F61:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: STUDENT-A178F61:1900
Remote Address: NA
Type: UDP
Process: C:\Program Files\Opera\opera.exe
State: NA

Local Address: STUDENT-A178F61:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: STUDENT-A178F61:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: STUDENT-A178F61:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: STUDENT-A178F61:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: STUDENT-A178F61:161
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\snmp.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\student\Data aplikací\OpenOffice.org2\user\gallery\sound-L'amour reve(AndréGagnon).wav
Status: Hidden

Object: C:\Documents and Settings\student\Dokumenty\ICQ\418852334\ReceivedFiles\Delete\ZZZZZZZZZZZZZ\492670404 • — 'L!ttl3j0hNy' —
Status: Hidden
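
The sections above (driver list, SSDT, kernel hooks, IRP hooks) are read by a reviewer record by record; the following Python script is an added example, not part of the original post or of the RootRepeal tool, that parses a few records copied from this log and applies the checks a reviewer makes before calling such a log clean. The "Drivers:" section label is an assumption, since the module list on the page starts part-way through.

```python
"""Triage of an anti-rootkit log like the one above (added example, not part
of the original post or of the RootRepeal tool). Records are "Key: Value"
lines separated by blank lines; sections start with a line of asterisks
followed by a "Name:" line. Empty values are written as "---" or "NA"."""
from collections import defaultdict

# Records copied from the log above, trimmed to a few per section. The
# "Drivers:" label is assumed; the page's module list starts part-way through.
SAMPLE_LOG = r"""
******************************************************************************************
Drivers:
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_nvata.sys
Service Name: ---
Hidden: Yes
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwLoadDriver
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\System32\drivers\prodrv06.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: E1C4B5F0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F74A88B4
Hooking Module: C:\WINDOWS\system32\drivers\sfsync02.sys
"""


def basename(path):
    # Last path component, lower-cased, so the \SystemRoot\... and
    # C:\WINDOWS\... spellings of the same driver compare equal.
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def parse_sections(text):
    """Return {section_name: [record_dict, ...]}."""
    sections, current, record = {}, None, {}

    def flush():
        nonlocal record
        if record and current is not None:
            sections[current].append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"}:
            flush()                      # blank line or separator ends a record
        elif line.endswith(":") and ": " not in line:
            flush()                      # section header such as "SSDT:"
            current = line[:-1]
            sections.setdefault(current, [])
        else:
            key, _, value = line.partition(": ")
            record[key] = value
    flush()
    return sections


def triage(sections):
    """The checks a reviewer makes before calling such a log clean."""
    hidden = [r["Module Name"] for r in sections.get("Drivers", [])
              if r.get("Hidden") == "Yes"]
    # dump_*.sys are the crash-dump copies of the boot storage drivers; they
    # have no service entry and routinely report as hidden, so only hidden
    # modules outside that pattern deserve a closer look.
    unexplained = [m for m in hidden if not basename(m).startswith("dump_")]

    # Group every SSDT entry and inline kernel hook by the driver that owns it:
    # one security product's self-protection driver owning all of them reads
    # very differently from a driver nobody can account for.
    owners = defaultdict(list)
    for r in sections.get("SSDT", []):
        owners[basename(r["Driver Name"])].append(r["Function Name"])
    for r in sections.get("Kernel Hooks", []):
        owners[basename(r["Module Name"])].append(r["Hooked Function"])

    # IRP hooks the tool could not attribute to any loaded module.
    unattributed = [(basename(r["Hooked Module"]), r["Hooked IRP"])
                    for r in sections.get("IRP Hooks", [])
                    if r["Hooking Module"] == "_unknown_"]

    return {"hidden_modules": hidden, "hidden_unexplained": unexplained,
            "hook_owners": dict(owners), "irp_hooks_unattributed": unattributed}


if __name__ == "__main__":
    for name, value in triage(parse_sections(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```

On the full log the same grouping attributes every SSDT entry and kernel hook to aswSP.SYS and the unattributed IRP hooks to prodrv06.sys and prohlp02.sys only; whether those owners are expected on the machine is the judgement the script leaves to the reviewer.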

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#18 Post by motji »

So it was a false alarm, that's just a leftover of the virus :D.

:arrow: Run OTL
-copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
@Alternate Data Stream - 40 bytes -> C:\Documents and Settings\student\Data aplikací:NT
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C4252FE0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:202EF4B1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8FB6501C

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

-click the Fix button.
-The PC will then restart.
- Paste the log here :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#19 Post by zulo »

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
ADS C:\Documents and Settings\student\Data aplikací:NT deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:C4252FE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:202EF4B1 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8FB6501C deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Opera cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: student
->Temp folder emptied: 3438 bytes
->Temporary Internet Files folder emptied: 2828702 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4351 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: student
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09142010_133442

Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast5_\Webshlock.txt moved successfully.

Registry entries deleted on Reboot...
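The helper's OTL script (previous post) and the log OTL wrote back (this post) belong together: a reviewer checks that every entry under `:files` was actually reported on, and notices anything OTL touched that was never asked for. The following is an added Python example, not code from the thread or from OTL. The sample script and log are constructed from the two posts above (one ADS result line, TEMP:1CE11B51, is deliberately left out of the sample log so the "never reported" case shows up), and the result-line formats ("File\Folder ... not found.", "ADS ... deleted successfully.", "... moved successfully.") are assumed from what OTL 3.2 printed here.

```python
"""Cross-check an OTL fix script against the log OTL wrote back.

Added example for this thread; not part of the original posts or of OTL.
The regexes assume the OTL 3.2.x line formats visible on this page.
"""
import re

# Constructed sample: the helper's :files section, as posted ...
OTL_SCRIPT = r"""
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
@Alternate Data Stream - 40 bytes -> C:\Documents and Settings\student\Data aplikací:NT
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51

:commands
[emptytemp]
[Reboot]
"""

# ... and the FILES / reboot part of the log. The TEMP:1CE11B51 result line is
# deliberately omitted here so the "never reported on" case is exercised.
OTL_LOG = r"""
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
ADS C:\Documents and Settings\student\Data aplikací:NT deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13 deleted successfully.
========== COMMANDS ==========
Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast5_\Webshlock.txt moved successfully.
"""

ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
# Optional "File\Folder" / "ADS" prefix, then the path, then one of OTL's outcome phrases.
RESULT_RE = re.compile(
    r"^(?:(?:File[\\/]Folder|ADS|File|Folder) )?(.+?) "
    r"(not found|deleted successfully|moved successfully)\.$"
)


def parse_otl_script(script: str) -> list[tuple[str, str]]:
    """Return (kind, target) for every entry of the :files section."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header: :files, :commands, ...
            in_files = line.lower() == ":files"
            continue
        if not in_files:
            continue
        m = ADS_RE.match(line)
        if m:
            targets.append(("ADS", m.group(1)))
        else:
            # drop OTL's recursive switch so the pattern matches the log's wording
            targets.append(("file", re.sub(r"\s+/s$", "", line, flags=re.I)))
    return targets


def parse_otl_results(log: str) -> dict[str, tuple[str, str]]:
    """Map casefolded path -> (path as printed, outcome) for every result line."""
    results = {}
    for raw in log.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            results[m.group(1).casefold()] = (m.group(1), m.group(2))
    return results


def verify_otl_fix(script: str, log: str) -> dict:
    """Pair each requested target with the outcome OTL reported.

    Targets OTL never mentioned get 'NO RESULT' and need a manual look; paths
    OTL touched without being asked (e.g. work done by [emptytemp]) are listed
    under '__unrequested__'. Paths compare casefolded because OTL echoes them
    in its own casing.
    """
    results = parse_otl_results(log)
    report = {}
    for _kind, target in parse_otl_script(script):
        hit = results.pop(target.casefold(), None)
        report[target] = hit[1] if hit else "NO RESULT"
    report["__unrequested__"] = sorted(path for path, _ in results.values())
    return report


if __name__ == "__main__":
    for target, outcome in verify_otl_fix(OTL_SCRIPT, OTL_LOG).items():
        print(f"{str(outcome):<20} {target}")
```

Run against the real pair of posts, every target should come back "deleted successfully" or "not found"; a "NO RESULT" means the script did not finish or the log is incomplete, and the target is checked again before the thread moves on.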

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#20 Post by motji »

One more script :)

:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Netsvc::
tqoibon

driver::
tqoibon

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

- save the TXT file you created as CFScript.txt on the desktop
- once it is saved, grab the script with the left mouse button and drop it onto the ComboFix icon:

- after it runs, another log will pop up; paste it here

Warning: it can happen that Windows will not boot after the script is applied and the PC restarts. In that case restart again while tapping F8, then choose Last Known Good Configuration.

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#21 Post by zulo »

ComboFix 10-09-11.03 - student 14.09.2010 20:03:56.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.578 [GMT 2:00]
Running from: c:\documents and settings\student\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\student\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

(((((((((((((((((((((((((   Files Created from 2010-08-14 to 2010-09-14  )))))))))))))))))))))))))))))))
.

2010-09-14 11:34 . 2010-09-14 11:34 -------- d-----w- C:\_OTL
2010-09-07 15:59 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-07 15:59 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-09-07 15:59 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-09-07 15:59 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-09-07 15:59 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-09-07 15:59 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-08-25 19:40 . 2010-08-10 00:58 -------- d-----w- c:\program files\pawno

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 17:21 . 2008-11-06 13:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-14 12:01 . 2008-03-20 12:33 -------- d-----w- c:\program files\Xfire
2010-09-10 09:47 . 2009-02-10 09:33 -------- d-----w- c:\program files\SpeedFan
2010-09-08 17:31 . 2007-09-30 13:51 -------- d-----w- c:\program files\CCleaner
2010-09-08 14:09 . 2009-02-07 14:59 -------- d-----w- c:\program files\Trend Micro
2010-09-07 15:12 . 2010-07-08 13:31 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-05-31 09:59 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-05-31 09:59 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-05-31 09:59 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-05-31 09:59 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-05-31 09:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-05-31 09:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-05-31 09:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-05-31 09:59 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-26 15:06 . 2010-01-21 13:39 -------- d-----w- c:\program files\ICQ7.0
2010-08-13 14:53 . 2009-12-03 16:50 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-13 10:10 . 2007-09-24 14:09 -------- d-----w- c:\program files\Opera
2010-08-04 12:00 . 2010-03-27 15:57 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-24 14:53 . 2010-07-24 13:55 -------- d-----w- c:\program files\Google
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-06-30 20:44 . 2001-10-25 14:00 83306 ----a-w- c:\windows\system32\perfc005.dat
2010-06-30 20:44 . 2001-10-25 14:00 439966 ----a-w- c:\windows\system32\perfh005.dat
2010-06-25 20:17 . 2009-12-03 19:05 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-12_14.04.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-14 11:36 . 2010-09-14 11:36 16384 c:\windows\Temp\Perflib_Perfdata_9e8.dat
+ 2010-09-14 12:26 . 2010-09-14 12:26 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2010-05-26 11:15 . 2010-05-26 11:15 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2010-09-14 12:26 . 2010-09-14 12:26 1575936 c:\windows\Installer\2e3c53.msi
.
((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2006-01-03 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-01-03 69632]
"avast5"="c:\progra~1\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"cmdAgent"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.5.2008 11:59 165584]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [1.12.2007 23:23 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.5.2008 11:59 17744]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6.4.2010 16:15 20968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.5.2010 18:26 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 11:59 1047880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.5.2010 18:26 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2010 15:55 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 15:49 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2006 18:51 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 13:55]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 13:55]

2010-09-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-05 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 20:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"????????????????????????"=hex:05,fa,c8,4c,2b,b9,3b,24,4b,a5,dc,57,b7,93,ba,00,
25,28,70,25,63,63,70,f7,25,25,63,9d,70,f4,90,90,00,00,00,00,00,00,00,00,00,\
"??"=hex:f8,13,54,80,7b,99,8d,00,b5,23,3b,87,b2,4d,9b,b2,bf,7d,54,89,c4,cf,55,
63,8e,08,13,f1,12,f2,77,0e,26,94,b3,b5,a3,59,5a,49,a3,ce,51,7a,02,be,70,b3,\
"??"=hex:c3,e6,8d,95,f7,15,df,41,47,63,75,40,49,a4,21,29

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\License information*]
"datasecu"=hex:99,c5,7a,74,14,4e,e5,26,1d,7b,8b,29,1d,45,e5,45,5e,17,2c,69,d7,
ed,9c,10,ce,a8,dd,41,df,63,1d,74,22,89,ed,7d,45,2e,66,ec,88,b5,d5,d8,9a,89,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-14 20:17:44
ComboFix-quarantined-files.txt 2010-09-14 18:17
ComboFix2.txt 2010-09-12 14:10

Pre-Run: 10 697 981 952 bytes free
Post-Run: 10 696 138 752 bytes free

- - End Of File - - 2546DDE58BDC1003D2B1A5AA0310F23E
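Two things in this exchange were picked out of ComboFix output by eye: the CFScript two posts up removed a NetSvcs entry and a driver both named tqoibon, and the services section of the log above still lists a boot-start driver, xmasscsi, whose file is missing (ComboFix writes "path --> path [?]" for that). The following is an added Python example, written for this page and not code from the thread or from ComboFix, that does the same triage mechanically. The sample is constructed from the log above; the extra "tqoibon" line under NetSvcs is added to mirror the name the CFScript targeted and was not in the post-fix log, and the line formats are assumed from the ComboFix 10-09 output printed here. The result is a review list, not a verdict: UxTuneUp is flagged only because no service line of its own accompanies it, and the log shows TuneUp Utilities installed.

```python
"""Triage the services and NetSvcs sections of a ComboFix log.

Added example for this thread; not code from the posts or from ComboFix.
Line formats are assumed from the ComboFix 10-09 output on this page.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample assembled from the log above. The "tqoibon" NetSvcs entry
# is added to mirror the name the helper's CFScript removed; it was not in the
# post-fix log.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.5.2008 11:59 165584]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.5.2010 18:26 304464]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2010 15:55 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 15:49 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2006 18:51 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
tqoibon
.
"""

# "R2 name;display;path [d.m.yyyy hh:mm size]"; R/S = running/stopped, digit = start type
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
FILEINFO_RE = re.compile(r"\[(\d{1,2}\.\d{1,2}\.\d{4} \d{2}:\d{2}) (\d+)\]$")
NETSVCS_HEADER = "currentversion\\svchost - netsvcs"
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class Service:
    running: bool
    start: str
    name: str
    display: str
    path: str
    size: Optional[int]    # None when ComboFix printed no file info
    file_missing: bool     # ComboFix writes "path --> path [?]" when the binary is absent


def parse_services(log: str) -> list[Service]:
    """Parse every R*/S* service and driver line ComboFix listed (defaults are hidden)."""
    services = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        info = FILEINFO_RE.search(rest)
        if " --> " in rest:                 # file-not-found form: keep the registered path
            path = rest.split(" --> ")[0]
        elif info:
            path = rest[: info.start()].rstrip()
        else:
            path = rest
        services.append(Service(
            running=(state == "R"),
            start=START_TYPE[int(start)],
            name=name,
            display=display,
            path=path,
            size=int(info.group(2)) if info else None,
            file_missing=rest.endswith("[?]"),
        ))
    return services


def parse_netsvcs(log: str) -> list[str]:
    """Names ComboFix listed under the Svchost NetSvcs value, up to the closing '.' line."""
    names, in_block = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if in_block:
            if not line or line == "." or line.startswith(("[", "(")):
                break
            names.append(line)
        elif line.casefold().endswith(NETSVCS_HEADER):
            in_block = True
    return names


def triage(log: str) -> dict[str, list[str]]:
    """Entries a helper looks at first. A listing here is a lead, not a verdict."""
    services = parse_services(log)
    known = {s.name.casefold() for s in services}
    return {
        # registered service or driver whose binary ComboFix could not find on disk
        "missing_binary": [s.name for s in services if s.file_missing],
        # svchost-hosted names with no service line of their own in the log
        "netsvcs_without_service": [n for n in parse_netsvcs(log) if n.casefold() not in known],
    }


if __name__ == "__main__":
    for category, names in triage(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

On the sample this prints xmasscsi under missing_binary and UxTuneUp plus tqoibon under netsvcs_without_service; the analyst then resolves each name against installed software (the log shows TuneUp Utilities for UxTuneUp) before writing a removal script like the one above.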

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#22 Post by motji »

Good, how is the computer doing?


:arrow: Uninstall GMER
via Start - Run - paste this command into the box
C:\WINDOWS\gmer_uninstall.cmd
- Enter


***********

:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press A, then Enter
- delete the little program after use. Note: antivirus programs may falsely flag it as a virus


***********


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar

Cleaner tab
- leave everything in the left column ticked as it is and click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- back up the registry: you don't have to
- click Fix all selected issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's Cleaner regularly; it cleans temporary files off the PC nicely.
Registry cleans things up after, say, uninstalling a program.


***********


:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans temp folders and the leftovers of the tools we used


***********

:arrow: Post a new RSIT log and tell me how the computer behaves: is everything OK now?

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#23 Post by zulo »

Well, I've done everything you wrote. The PC is quite a bit better now, but at startup it isn't right: while it loads I only see avast, the taskbar doesn't respond, the speaker icon isn't visible, and it only returns to normal after about 10 minutes. I can't connect my phone via USB cable either. Have a look at this screenshot of Computer Management: http://uloz.to/5839561/kernel.jpg

Here is a new log from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by student at 2010-09-15 10:58:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (7%) free of 153 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:29, on 15.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\student\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\student.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7017 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-01-03 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-01-03 69632]
"avast5"=C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2
"Nero BackItUp Scheduler 3"=2
"gusvc"=3
"TuneUp.ProgramStatisticsSvc"=2
"cmdAgent"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=1
"NoDriveTypeAutoRun"=323
"MemCheckBoxInRunDlg"=0
"NoAutoTrayNotify"=0
"NoResolveTrack"=0
"NoResolveSearch"=1
"NoWelcomeScreen"=1
"NoRecentDocsNetHood"=1
"NoDesktopCleanupWizard"=1
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStrCmpLogical"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-15 10:58:12 ----D---- C:\rsit
2010-09-14 22:11:12 ----SHD---- C:\RECYCLER
2010-09-07 17:59:48 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-09-07 17:59:44 ----A---- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-09-07 17:59:42 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-08-25 21:40:22 ----D---- C:\Program Files\pawno

======List of files/folders modified in the last 1 months======

2010-09-15 10:58:23 ----D---- C:\WINDOWS\Prefetch
2010-09-15 10:40:07 ----D---- C:\WINDOWS\Temp
2010-09-15 10:35:54 ----D---- C:\WINDOWS
2010-09-15 10:35:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-15 10:25:21 ----D---- C:\WINDOWS\system32\LogFiles
2010-09-14 23:24:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-14 23:15:09 ----D---- C:\Program Files\SpeedFan
2010-09-14 22:17:04 ----D---- C:\programy
2010-09-14 22:03:58 ----D---- C:\WINDOWS\system32\Restore
2010-09-14 20:12:36 ----A---- C:\WINDOWS\system.ini
2010-09-14 20:09:53 ----D---- C:\WINDOWS\system32\drivers
2010-09-14 20:09:53 ----D---- C:\WINDOWS\AppPatch
2010-09-14 20:09:53 ----AD---- C:\WINDOWS\system32
2010-09-14 20:09:52 ----D---- C:\Program Files\Common Files
2010-09-14 14:38:59 ----D---- C:\Documents and Settings\student\Data aplikací\Skype
2010-09-14 14:26:29 ----SHD---- C:\WINDOWS\Installer
2010-09-14 14:21:18 ----D---- C:\Documents and Settings\student\Data aplikací\ICQ
2010-09-14 14:08:22 ----D---- C:\Documents and Settings\student\Data aplikací\Xfire
2010-09-14 14:01:48 ----D---- C:\Documents and Settings\student\Data aplikací\skypePM
2010-09-14 14:01:16 ----D---- C:\Program Files\Xfire
2010-09-12 16:04:17 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-12 15:51:52 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-10 12:26:25 ----D---- C:\Documents and Settings\student\Data aplikací\Media Player Classic
2010-09-10 12:26:12 ----D---- C:\WINDOWS\Debug
2010-09-09 10:32:51 ----SD---- C:\Documents and Settings\student\Data aplikací\Microsoft
2010-09-08 19:31:59 ----D---- C:\Program Files\CCleaner
2010-09-08 16:10:14 ----SHD---- C:\System Volume Information
2010-09-08 16:09:54 ----D---- C:\Program Files\Trend Micro
2010-09-08 15:10:03 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-07 18:00:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-07 17:11:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-08-28 18:02:33 ----A---- C:\WINDOWS\wincmd.ini
2010-08-28 18:02:30 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-08-26 17:06:04 ----D---- C:\Program Files\ICQ7.0
2010-08-25 21:41:14 ----D---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-07-06 72896]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2010-04-27 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2006-04-22 24320]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-07-06 79232]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-10-19 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-11-06 271360]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-11-06 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-25 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-25 48904]
S0 xmasscsi;xmasscsi; C:\WINDOWS\System32\Drivers\xmasscsi.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\student\LOCALS~1\Temp\sony_ssm.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-07-31 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-03 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-08-13 214520]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-11-06 122880]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-27 435016]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#24 Post by motji »

That is the work of the virus you had. Reinstall those drivers; that should also get rid of the freezing after restart.
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(zavináč)forum.viry.cz.

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#25 Post by zulo »

Yes, that helped, PC startup is normal again, I'm glad :D But I have one problem with USB: when I connect my phone to USB it beeps twice, but it doesn't show up on this computer. I also repaired the driver, but that didn't help :o
Do you have any idea how to get it working?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#26 Post by motji »

Does it work in another PC?

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#27 Post by zulo »

On the other PC it works without any problem...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#28 Post by motji »

Have you tried another USB?

zulo
Visitor
Posts: 103
Registered: 06 Feb 2009 14:53

Re: Please check my log

#29 Post by zulo »

Yes, I tried, it keeps happening...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#30 Post by motji »

Is that USB OK in Device Manager?
