Page 1 of 2

Log check - svchost

Posted: 22 Apr 2010 13:41
by Felsenburk
Hi.
It has been happening to me irregularly that the CPU was, for a while, more heavily loaded than I expected. I started looking into what was causing it, and the number of running svchost instances caught my attention.
ESET Online Scanner found win32/trojan agent in a downloaded but not yet unpacked zip. MBAM found nothing, the program Advanced SystemCare repaired something in the registry, I ran ComboFix over it yesterday (I can provide the log), and Svchost Process Analyzer reports 5 warnings - 3 missing libraries (appmgmts.dll, hidserv.dll, wuauserv.dll) and two svchost.exe instances that refused access and are flagged "No Microsoft file".
I would be grateful if someone who understands this could take a look.
Thanks

RSIT LOG:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Kletvíková at 2010-04-22 14:16:20
Microsoft Windows XP Home Edition Service Pack 2
System drive E: has 21 GB (14%) free of 153 GB
Total RAM: 895 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:35, on 22.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\ATK0100\HControl.exe
E:\WINDOWS\sm56hlpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\ClocX\ClocX.exe
E:\Program Files\Activ Software\Activdriver\ActivControl2.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\WINDOWS\system32\ASUSTPE.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Kletvíková\Plocha\RSIT.exe
E:\Program Files\trend micro\Kletvíková.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] E:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MP10_EnsureFileVer] E:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ClocX] E:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [ActivControl] E:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ASUSTPE] E:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 13349 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
E:\WINDOWS\tasks\AppleSoftwareUpdate.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
E:\WINDOWS\tasks\User_Feed_Synchronization-{DB72DF1D-4307-4AA3-9B79-F5B059979611}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - E:\Program Files\Orbitdownloader\orbitcth.dll [2008-10-31 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - E:\Program Files\Orbitdownloader\GrabPro.dll [2008-10-31 441464]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=E:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"SkyTel"=E:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SMSERIAL"=E:\WINDOWS\sm56hlpr.exe [2006-03-21 544768]
"SynTPEnh"=E:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"Wireless Console 2"=E:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"RemoteControl"=E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=E:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
"HP Component Manager"=E:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HP Software Update"=E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"Acrobat Assistant 8.0"=E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
"Ad-Watch"=E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-04-08 818256]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"GrooveMonitor"=E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"SunJavaUpdateSched"=E:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"avast5"=E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"MP10_EnsureFileVer"=E:\WINDOWS\inf\unregmp2.exe [2006-03-02 208896]
"ClocX"=E:\Program Files\ClocX\ClocX.exe [2007-07-26 270336]
"ActivControl"=E:\Program Files\Activ Software\Activdriver\ActivControl2.exe [2008-07-18 1454080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ASUSTPE"=E:\WINDOWS\system32\ASUSTPE.exe [2006-10-14 69632]
"Google Update"=E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

E:\Documents and Settings\Kletvíková\Nabídka Start\Programy\Po spuštění
CCC.lnk - E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="E:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
E:\Program Files\Object Desktop\WindowBlinds\wbsrv.dll [2009-11-12 221488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\dc\Strong DC++\StrongDC.exe"="E:\Program Files\dc\Strong DC++\StrongDC.exe:*:Enabled:StrongDC++"
"E:\Program Files\Orbitdownloader\orbitdm.exe"="E:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"E:\Program Files\Orbitdownloader\orbitnet.exe"="E:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"E:\WINDOWS\system32\msiexec.exe"="E:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"E:\Program Files\VLC\vlc.exe"="E:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome"
"E:\Program Files\ICQ6.5\ICQ.exe"="E:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Program Files\Skype\Plugin Manager\skypePM.exe"="E:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe"="E:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-22 14:16:21 ----D---- E:\Program Files\trend micro
2010-04-22 14:16:20 ----D---- E:\rsit
2010-04-21 18:00:25 ----SHD---- E:\RECYCLER
2010-04-21 14:17:31 ----A---- E:\ComboFix.txt
2010-04-21 14:00:14 ----A---- E:\Boot.bak
2010-04-21 14:00:05 ----RASHD---- E:\cmdcons
2010-04-21 13:58:53 ----A---- E:\WINDOWS\zip.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\SWXCACLS.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\SWSC.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\SWREG.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\sed.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\PEV.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\NIRCMD.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\MBR.exe
2010-04-21 13:58:53 ----A---- E:\WINDOWS\grep.exe
2010-04-21 13:55:16 ----D---- E:\WINDOWS\ERDNT
2010-04-20 11:32:26 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\Malwarebytes
2010-04-20 11:32:19 ----D---- E:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-20 11:19:41 ----D---- E:\Qoobox
2010-04-20 09:57:19 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\UDC Profiles
2010-04-20 09:45:29 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\Smart PDF Creator Pro
2010-04-20 08:55:09 ----D---- E:\Program Files\Advanced SystemCare 3
2010-04-20 08:55:09 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\IObit
2010-04-20 08:23:47 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\Uniblue
2010-04-14 22:48:37 ----HDC---- E:\WINDOWS\$NtUninstallKB979683$
2010-04-14 22:48:25 ----HDC---- E:\WINDOWS\$NtUninstallKB980232$
2010-04-14 22:45:40 ----HDC---- E:\WINDOWS\$NtUninstallKB978338$
2010-04-14 22:45:32 ----HDC---- E:\WINDOWS\$NtUninstallKB977816$
2010-04-14 22:45:23 ----HDC---- E:\WINDOWS\$NtUninstallKB978601$
2010-04-14 22:45:08 ----HDC---- E:\WINDOWS\$NtUninstallKB979309$
2010-04-14 22:43:54 ----A---- E:\WINDOWS\imsins.BAK
2010-04-14 22:43:48 ----HDC---- E:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-04-07 21:43:55 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\Canneverbe Limited
2010-04-07 21:41:47 ----D---- E:\Program Files\CDBurnerXP
2010-04-07 21:41:47 ----D---- E:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
2010-04-07 10:42:51 ----D---- E:\Documents and Settings\All Users\Data aplikací\Sun
2010-04-07 10:41:56 ----A---- E:\WINDOWS\system32\javaws.exe
2010-04-07 10:41:56 ----A---- E:\WINDOWS\system32\javaw.exe
2010-04-07 10:41:56 ----A---- E:\WINDOWS\system32\java.exe
2010-03-30 15:04:02 ----D---- E:\Program Files\Common Files\Activ Software
2010-03-30 15:04:02 ----D---- E:\Documents and Settings\All Users\Data aplikací\Activ Software
2010-03-30 15:04:01 ----D---- E:\Program Files\Activ Software
2010-03-29 21:59:45 ----D---- E:\Program Files\DAEMON Tools Toolbar
2010-03-29 21:58:29 ----D---- E:\Program Files\DAEMON Tools Lite
2010-03-29 21:58:01 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\DAEMON Tools Lite
2010-03-29 21:57:57 ----D---- E:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-03-29 17:34:29 ----D---- E:\Program Files\Jazyky bez barier
2010-03-25 11:14:31 ----D---- E:\Program Files\ClocX
2010-03-25 09:42:00 ----D---- E:\Program Files\CamStudio
2010-03-23 00:55:33 ----HDC---- E:\WINDOWS\$NtUninstallKB929399$

======List of files/folders modified in the last 1 months======

2010-04-22 14:16:27 ----D---- E:\WINDOWS\Prefetch
2010-04-22 14:16:21 ----D---- E:\Program Files
2010-04-22 14:02:15 ----D---- E:\Program Files\Mozilla Firefox
2010-04-22 13:58:46 ----D---- E:\WINDOWS\Temp
2010-04-22 13:47:03 ----SD---- E:\WINDOWS\Tasks
2010-04-22 13:43:42 ----HD---- E:\WINDOWS\inf
2010-04-22 11:35:10 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-04-22 11:35:06 ----D---- E:\WINDOWS\system32\CatRoot2
2010-04-22 11:13:04 ----D---- E:\honza
2010-04-22 10:38:58 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\vlc
2010-04-22 08:03:35 ----D---- E:\WINDOWS
2010-04-22 08:02:02 ----D---- E:\Config.Msi
2010-04-21 15:54:36 ----D---- E:\WINDOWS\system32\drivers
2010-04-21 15:53:21 ----SHD---- E:\WINDOWS\Installer
2010-04-21 14:13:59 ----A---- E:\WINDOWS\system.ini
2010-04-21 14:10:14 ----D---- E:\WINDOWS\system32
2010-04-21 14:10:14 ----D---- E:\WINDOWS\AppPatch
2010-04-21 14:10:11 ----D---- E:\Program Files\Common Files
2010-04-21 14:00:15 ----RASH---- E:\boot.ini
2010-04-21 13:54:38 ----D---- E:\Program Files\ESET
2010-04-20 17:16:43 ----D---- E:\WINDOWS\system32\CatRoot
2010-04-20 17:16:37 ----D---- E:\WINDOWS\system32\CatRoot_bak
2010-04-20 09:54:29 ----D---- E:\Program Files\ALZip
2010-04-14 22:48:44 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-04-14 22:48:32 ----HD---- E:\WINDOWS\$hf_mig$
2010-04-14 22:46:01 ----D---- E:\WINDOWS\Debug
2010-04-14 22:45:15 ----D---- E:\WINDOWS\ie8updates
2010-04-14 20:33:20 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\Skype
2010-04-13 21:18:14 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\skypePM
2010-04-13 12:53:55 ----D---- E:\WINDOWS\Minidump
2010-04-12 13:39:05 ----AC---- E:\WINDOWS\NeroDigital.ini
2010-04-07 10:42:50 ----D---- E:\Program Files\Common Files\Java
2010-04-07 10:41:44 ----D---- E:\Program Files\Java
2010-04-07 10:40:27 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-04-06 19:52:54 ----A---- E:\WINDOWS\system32\MRT.exe
2010-03-31 23:22:34 ----D---- E:\Program Files\Internet Explorer
2010-03-30 20:07:41 ----SD---- E:\Documents and Settings\Kletvíková\Data aplikací\Microsoft
2010-03-30 19:23:59 ----A---- E:\WINDOWS\CDPlayer.ini
2010-03-30 15:06:00 ----D---- E:\WINDOWS\WinSxS
2010-03-30 15:05:30 ----RSD---- E:\WINDOWS\Fonts
2010-03-30 15:04:15 ----DC---- E:\WINDOWS\system32\DRVSTORE
2010-03-28 20:44:57 ----D---- E:\Program Files\CDex_170b2
2010-03-25 18:17:02 ----D---- E:\Documents and Settings\Kletvíková\Data aplikací\dvdcss
2010-03-23 11:52:55 ----AC---- E:\WINDOWS\WirelessFTP.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 Aspi32;Aspi32; E:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R1 aswSP;aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Řadič procesoru Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; E:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-23 20747]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;aswMon2; E:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 ActivHidSerMini;Promethean Serial Board Driver; E:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2008-06-16 57088]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\E:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter; E:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-08-14 27776]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; E:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 CmBatt;Microsoft AC Adapter Driver; E:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 MODEMCSA;Unimodem Streaming Filter Device; E:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 prmvmouse;Promethean HID Mouse Service; E:\WINDOWS\system32\DRIVERS\activmouse.sys [2008-06-16 4480]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 RTSTOR;USB Mass Stroage Device; E:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]
R3 smserial;smserial; E:\WINDOWS\system32\DRIVERS\smserial.sys [2006-03-21 889472]
R3 SynMini;USB2.0 1.3M WebCam; E:\WINDOWS\System32\Drivers\SynMini.sys [2006-08-09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image; E:\WINDOWS\System32\Drivers\SynScan.sys [2006-08-09 7808]
R3 SynTP;Synaptics TouchPad Driver; E:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth Port Driver from Toshiba; E:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S1 kbdhid;Ovladač klávesnice standardu HID; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 ate7uhdo;ate7uhdo; E:\WINDOWS\system32\drivers\ate7uhdo.sys []
S3 catchme;catchme; \??\E:\DOCUME~1\KLETVK~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StarOpen;StarOpen; E:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; E:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; E:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; E:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; E:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; E:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; E:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; E:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]
S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-08 1265264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; E:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 NMSAccess;NMSAccess; E:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); E:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-09 654848]
S2 gupdate;Služba Google Update (gupdate); E:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-07 138168]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
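The driver and service listing above has a regular shape (state R/S, start type 0-4, name, description, path, and a [date size] bracket that is empty when the tool could not find the file on disk), so it can be triaged mechanically before anyone reads it line by line. The following Python helper is an added example for this thread, not RSIT's or the forum's code: it parses lines in that format and flags entries whose file is missing, drivers loaded from a Temp directory, and services hosted in svchost.exe (the ones that explain why several svchost.exe processes are normal and that a "suspicious svchost" count should be checked against the ServiceDll of each). A flag is a lead, not a verdict: catchme.sys in Temp is the Gmer rootkit detector that the ComboFix run in this thread used, and a disabled (S4) driver whose file is gone is usually just an uninstall leftover.

```python
"""Triage helper for the RSIT/HijackThis-style driver and service listing.

Added example for this thread; it is not RSIT's or the forum's code.
Each listing line has the shape
    <state><start> <name>;<description>; <path> [<date> <size>]
with an empty [] when the tool could not find the file on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"      # R=running/S=stopped, start type 0-4
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"        # service name; description;
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"   # path [date size] or path []
)


@dataclass
class Entry:
    state: str
    start: int
    name: str
    desc: str
    path: str
    date: Optional[str]   # None when the bracket was empty (file not found)
    size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.date is None


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name").strip(),
                 m.group("desc").strip(), m.group("path").strip(), date, size)


def triage(lines) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs worth a second look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        p = e.path.lower()
        if e.file_missing:
            findings.append((e.name, "file not found on disk (empty [] in listing)"))
        if "\\temp\\" in p:
            findings.append((e.name, "driver loaded from a Temp directory"))
        if p.endswith("svchost.exe"):
            findings.append((e.name, "hosted in svchost.exe: check its ServiceDll and group"))
    return findings


# Lines copied from the listing in this thread.
SAMPLE = r"""
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-23 20747]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\E:\WINDOWS\ATK0100\ASNDIS5.SYS []
S3 catchme;catchme; \??\E:\DOCUME~1\KLETVK~1\LOCALS~1\Temp\catchme.sys []
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []
""".strip().splitlines()

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name:12} {reason}")
```

Run it on a saved log with `triage(open("log.txt").readlines())`; lines outside the driver/service sections are ignored because they do not match the pattern.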

Re: Log check - svchost

Posted: 22 Apr 2010 18:14
by motji
Good evening :)
Could I see the ComboFix log?

Re: Log check - svchost

Posted: 23 Apr 2010 20:04
by Felsenburk
Good evening.
Sorry for my slow response. Unfortunately I won't be at that computer until Sunday evening. Please bear with me.

Thanks for taking a look, though.

Re: Log check - svchost

Posted: 23 Apr 2010 20:13
by motji
:)

Re: Log check - svchost

Posted: 26 Apr 2010 07:22
by Felsenburk
Finally, the ComboFix logs:

ComboFix 10-04-19.05 - Kletvíková 21.04.2010 14:06:50.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.895.499 [GMT 2:00]
Spuštěný z: e:\honza\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\knihy\GOTTFRIED AUGUST BÜRGER - ...Barona Prášila....pdf
e:\documents and settings\knihy\Lara Croft - Tomb Rider .zip

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 07:41 . 2010-04-21 07:41 -------- d-----w- e:\program files\FixMyRegistry
2010-04-20 09:32 . 2009-08-03 11:36 38160 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 09:32 . 2010-04-20 09:32 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-04-20 09:32 . 2009-08-03 11:36 19096 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-04-20 08:10 . 2010-04-20 08:10 -------- d-----w- e:\documents and settings\DC\Adobe.Acrobat.v.9.CZ.Crack
2010-04-20 08:09 . 2010-04-20 08:09 25778784 ----a-w- e:\documents and settings\DC\AdbeRdr90_cs_CZ.exe
2010-04-20 06:55 . 2010-04-20 08:20 -------- d-----w- e:\program files\Advanced SystemCare 3
2010-04-07 19:41 . 2010-04-07 19:41 -------- d-----w- e:\program files\CDBurnerXP
2010-03-30 13:04 . 2008-06-16 12:38 4480 ----a-w- e:\windows\system32\drivers\activmouse.sys
2010-03-30 13:04 . 2010-03-30 13:05 -------- d-----w- e:\program files\Common Files\Activ Software
2010-03-30 13:04 . 2010-03-30 13:04 -------- d-----w- e:\program files\Activ Software
2010-03-29 19:59 . 2010-03-29 20:00 -------- d-----w- e:\program files\DAEMON Tools Toolbar
2010-03-29 19:58 . 2010-03-30 06:17 -------- d-----w- e:\program files\DAEMON Tools Lite
2010-03-29 15:34 . 2010-03-29 15:38 -------- d-----w- e:\program files\Jazyky bez barier
2010-03-26 19:30 . 2010-03-30 09:43 -------- d-----w- e:\documents and settings\Filmy\My Sassy Girl - 2001 - (Comedy,Drama,Romance) - 8.2
2010-03-26 19:20 . 2010-03-26 19:23 -------- d-----w- e:\documents and settings\Filmy\Death at a Funeral - 2007 (comedy) 7,3
2010-03-25 09:14 . 2010-03-25 09:14 -------- d-----w- e:\program files\ClocX
2010-03-25 07:42 . 2010-03-25 16:18 -------- d-----w- e:\program files\CamStudio
2010-03-24 14:05 . 2010-03-24 14:06 -------- d-----w- e:\documents and settings\Filmy\1987_My_Best_Friends_Birthday

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 11:54 . 2007-11-12 14:03 -------- d-----w- e:\program files\ESET
2010-04-20 07:54 . 2008-09-29 08:29 -------- d-----w- e:\program files\ALZip
2010-04-07 08:42 . 2007-10-06 19:28 -------- d-----w- e:\program files\Common Files\Java
2010-04-07 08:41 . 2007-10-06 19:28 -------- d-----w- e:\program files\Java
2010-04-07 08:40 . 2006-03-02 12:00 79440 ----a-w- e:\windows\system32\perfc005.dat
2010-04-07 08:40 . 2006-03-02 12:00 432516 ----a-w- e:\windows\system32\perfh005.dat
2010-03-29 19:58 . 2009-04-11 19:43 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
2010-03-28 18:44 . 2009-03-08 12:50 -------- d-----w- e:\program files\CDex_170b2
2010-03-22 09:11 . 2010-03-22 09:11 -------- d-----w- e:\program files\Common Files\Sony Shared
2010-03-22 09:10 . 2010-03-22 09:10 -------- d-----w- e:\program files\Sony
2010-03-22 08:57 . 2010-03-22 08:57 -------- d-----w- e:\program files\Sony Setup
2010-03-22 08:42 . 2010-03-22 08:23 -------- d-----w- e:\program files\FairStars CD Ripper
2010-03-11 10:13 . 2008-12-01 12:34 -------- d-----w- e:\program files\CCleaner
2010-03-11 10:00 . 2009-11-12 15:23 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-03-11 10:00 . 2009-02-04 15:50 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-03-11 09:58 . 2009-01-28 15:19 -------- d-----w- e:\program files\Lavasoft
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- e:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-01-28 08:22 411368 ----a-w- e:\windows\system32\deploytk.dll
2010-03-08 22:49 . 2009-04-07 16:52 -------- d-----w- e:\program files\VLC
2010-03-02 08:44 . 2010-03-02 08:44 -------- d-----w- e:\program files\Alwil Software
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:26 . 2006-03-02 12:00 2145792 ----a-w- e:\windows\system32\ntoskrnl.exe
2010-02-16 19:26 . 2004-08-17 15:45 2023936 ----a-w- e:\windows\system32\ntkrnlpa.exe
2010-02-15 20:53 . 2010-02-15 20:53 28464884 ----a-w- e:\documents and settings\knihy\Zpěvníky.exe
2010-02-15 20:53 . 2010-02-15 20:53 140502 ----a-w- e:\documents and settings\knihy\Strugacti-Piknik_u_cesty.zip
2010-02-15 20:53 . 2010-02-15 20:53 214310 ----a-w- e:\documents and settings\knihy\Serial Numbers.exe
2010-02-15 20:53 . 2010-02-15 20:53 1869868 ----a-w- e:\documents and settings\knihy\Humor.exe
2010-02-15 20:53 . 2010-02-15 20:53 38805883 ----a-w- e:\documents and settings\knihy\Digitalni fotaky.exe
2010-02-15 20:53 . 2010-02-15 20:53 1780488 ----a-w- e:\documents and settings\knihy\Dalekohledy.exe
2010-02-12 04:47 . 2006-03-02 12:00 100864 ----a-w- e:\windows\system32\6to4svc.dll
2010-02-11 18:53 . 2010-03-02 08:45 38848 ----a-w- e:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-03-02 08:45 153184 ----a-w- e:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2010-03-02 08:45 46672 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2010-03-02 08:45 162512 ----a-w- e:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2010-03-02 08:45 23376 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2010-03-02 08:45 100432 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2010-03-02 08:45 94800 ----a-w- e:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2010-03-02 08:45 19024 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2010-03-02 08:45 28880 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2010-02-11 12:01 . 2006-03-02 12:00 226880 ----a-w- e:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2009-01-28 15:23 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
2009-03-04 09:35 . 2009-03-04 09:33 24 -csh--w- e:\windows\SDE57145A.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ASUSTPE"="e:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"Google Update"="e:\documents and settings\Kletvíková\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
"FixMyRegistry"="e:\program files\FixMyRegistry\FixMyRegistry.exe" [2010-04-13 3698688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="e:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="e:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="e:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="e:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="e:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"Acrobat Assistant 8.0"="e:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-08 818256]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="e:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"MP10_EnsureFileVer"="e:\windows\inf\unregmp2.exe" [2006-03-02 208896]
"ClocX"="e:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"ActivControl"="e:\program files\Activ Software\Activdriver\ActivControl2.exe" [2008-07-18 1454080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

e:\documents and settings\Kletvíková\Nabídka Start\Programy\Po spuštění\
CCC.lnk - e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-8 113664]
Bluetooth Manager.lnk - e:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-11-12 10:35 221488 ----a-w- e:\program files\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\dc\\Strong DC++\\StrongDC.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"e:\\WINDOWS\\system32\\msiexec.exe"=
"e:\\Program Files\\VLC\\vlc.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Documents and Settings\\Kletvíková\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [28.1.2009 17:23 64288]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [2.3.2010 10:45 162512]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2.3.2010 10:45 19024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
R3 ActivHidSerMini;Promethean Serial Board Driver;e:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
R3 prmvmouse;Promethean HID Mouse Service;e:\windows\system32\drivers\activmouse.sys [30.3.2010 15:04 4480]
R3 SynMini;USB2.0 1.3M WebCam;e:\windows\system32\drivers\SynMini.sys [23.9.2007 17:56 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;e:\windows\system32\drivers\SynScan.sys [23.9.2007 17:56 7808]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [11.4.2009 21:43 691696]
S2 gupdate;Služba Google Update (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 19:44 135664]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:24]

2010-03-26 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-21 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 17:44]

2010-04-21 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 17:44]

2010-04-21 e:\windows\Tasks\User_Feed_Synchronization-{DB72DF1D-4307-4AA3-9B79-F5B059979611}.job
- e:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Append to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Kletvíková\Data aplikací\Mozilla\Firefox\Profiles\qs0eocpx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\documents and settings\Kletvíková\Data aplikací\Mozilla\Firefox\Profiles\qs0eocpx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: e:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{e47d6d44-6479-461d-bfa3-dbd0dc5a9011} - (no file)
BHO-{e47d6d44-6479-461d-bfa3-dbd0dc5a9011} - (no file)
Toolbar-{e47d6d44-6479-461d-bfa3-dbd0dc5a9011} - (no file)
WebBrowser-{E47D6D44-6479-461D-BFA3-DBD0DC5A9011} - (no file)
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 14:13
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(852)
e:\windows\system32\Ati2evxx.dll
e:\program files\Object Desktop\WindowBlinds\wbsrv.dll
.
Celkový čas: 2010-04-21 14:17:30
ComboFix-quarantined-files.txt 2010-04-21 12:17

Před spuštěním: Volných bajtů: 21 647 007 744
Po spuštění: Volných bajtů: 22 229 520 384

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8DEDC695B1E314F9E7F750C4F572D59A

Re: Log check - svchost

Posted: 26 Apr 2010 08:07
by motji
You probably know these files, right?
e:\documents and settings\knihy\GOTTFRIED AUGUST BÜRGER - ...Barona Prášila....pdf
e:\documents and settings\knihy\Lara Croft - Tomb Rider .zip

ComboFix deleted them :o , if you use them and know they are clean, pull them out of the qoobox folder on drive C.
Remove the .vir extension from them :) .

How is the computer looking now?

Re: Log check - svchost

Posted: 26 Apr 2010 08:16
by Felsenburk
The computer may be a bit faster, but the svchost situation is still the same - 5 suspicious processes out of 9, according to Svchost Process Analyzer. So the original reason for my concern persists.

Re: Log check - svchost

Posted: 26 Apr 2010 08:20
by Felsenburk
Attached is a screenshot of the Svchost Analyzer report.

Re: Log check - svchost

Posted: 26 Apr 2010 09:25
by motji
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
- tick the box "For all users".
- tick the boxes LOP check and Purity check
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

:arrow: Do your updates work?
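The /md5start ... /md5stop part of the OTL script above hashes a fixed list of system binaries (winlogon.exe, userinit.exe, svchost.exe, atapi.sys and so on) so the helper can compare them with known-good values; the files in that list are the ones most often replaced or patched on disk. As an added example, not OTL's code or anything from this thread, the Python below does the same comparison against a baseline you supply (for example hashes recorded from a clean install of the same Windows build and service pack). The demo builds two constructed directory trees so it runs offline. A mismatch means only that the file differs from the baseline: the Find3M listing in this thread shows ntoskrnl.exe and wininet.dll updated by Windows Update in February 2010, so a baseline from an older build would flag them too.

```python
"""Baseline comparison for the system files that OTL's /md5start section hashes.

Added example, not OTL's code. Assumes a baseline dict {file name: hexdigest}
recorded from a known-clean machine of the same build; reports files that
are missing or whose hash differs.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Optional, Tuple

# Subset of the file names from the OTL script above; on the real system the
# root would be %systemroot%\system32 (and \drivers for the .sys files).
CHECK_LIST = ["winlogon.exe", "explorer.exe", "userinit.exe", "lsass.exe",
              "svchost.exe", "smss.exe", "hal.dll", "ws2_32.dll",
              "ndis.sys", "atapi.sys"]


def file_digest(path: str, algo: str = "md5") -> str:
    """Hash a file in chunks; md5 matches OTL's output, sha256 is also accepted."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: str, names: Iterable[str], algo: str = "md5") -> Dict[str, Optional[str]]:
    """Return {name: hexdigest}; a name whose file is absent maps to None."""
    out: Dict[str, Optional[str]] = {}
    for name in names:
        p = os.path.join(root, name)
        out[name] = file_digest(p, algo) if os.path.isfile(p) else None
    return out


def compare(baseline: Dict[str, str], observed: Dict[str, Optional[str]]) -> List[Tuple[str, str]]:
    """List (name, problem) for every file that is missing, changed, or unknown."""
    findings = []
    for name, expected in baseline.items():
        got = observed.get(name)
        if got is None:
            findings.append((name, "missing"))
        elif got != expected:
            findings.append((name, "hash mismatch"))
    for name in observed:
        if name not in baseline:
            findings.append((name, "not in baseline"))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: a clean tree, then a copy with one file altered and one removed."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as suspect:
        for name in CHECK_LIST:
            for d in (clean, suspect):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(b"MZ placeholder for " + name.encode())   # constructed content
        baseline = {k: v for k, v in hash_tree(clean, CHECK_LIST).items() if v is not None}
        with open(os.path.join(suspect, "svchost.exe"), "ab") as f:
            f.write(b"\x00")                      # the copy no longer matches the baseline
        os.remove(os.path.join(suspect, "atapi.sys"))
        return sorted(compare(baseline, hash_tree(suspect, CHECK_LIST)))


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name:14} {problem}")
```

On a real system, record the baseline with `hash_tree(r"C:\Windows\system32", CHECK_LIST)` on the clean reference machine and keep it with the tool, then run `compare` against the suspect machine's tree; both sides must use the same algorithm.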

Re: Log check - svchost

Posted: 26 Apr 2010 10:37
by Felsenburk
Somehow OTL got stuck on zlib.dll (but first it created a cmd file on the desktop); in Task Manager its status is "Not responding". CPU is now steadily at 50%. Should I wait to see if it recovers, or kill it and try again?

I tried turning off Automatic Updates because of svchost (I read on this site that it might help, but it didn't); I turned them back on, but so far they show no attempts to update. And I also declined Service Pack 3 - maybe they didn't like that.
By the way, what is your opinion on SP3? I've read all sorts of things. Install it or not?

Re: Log check - svchost

Posted: 26 Apr 2010 11:04
by Felsenburk
The program got stuck on zlib.dll the second time too...

Re: Log check - svchost

Posted: 26 Apr 2010 11:52
by motji
Never mind :)

:arrow: Download SysProt AntiRootkit
http://sites.google.com/site/sysprotantirootkit/
- unpack and run it
- go through all the tabs and paste the logs

:arrow: Download MBAM from my signature
- install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- copy the log here.


:arrow: As for SP3, it really can cause problems for some people, especially on notebooks. The best approach is to install SP3 on a freshly installed system.

Re: Log check - svchost

Posted: 26 Apr 2010 12:48
by Felsenburk
MBAM will have to wait until tomorrow
if something is missing in the following log, it's because the program "froze" during the hidden files scan...
SysProt AntiRootkit log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\smss.exe
PID: 784
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\csrss.exe
PID: 840
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\winlogon.exe
PID: 868
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\services.exe
PID: 912
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\lsass.exe
PID: 924
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\ati2evxx.exe
PID: 1092
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 1108
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 1200
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 1344
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 1384
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 1496
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\ati2evxx.exe
PID: 1636
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 1664
Hidden: No
Window Visible: No

Name: E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1968
Hidden: No
Window Visible: No

Name: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PID: 2028
Hidden: No
Window Visible: No

Name: E:\WINDOWS\explorer.exe
PID: 300
Hidden: No
Window Visible: Yes

Name: E:\WINDOWS\ATK0100\HControl.exe
PID: 436
Hidden: No
Window Visible: No

Name: E:\WINDOWS\sm56hlpr.exe
PID: 472
Hidden: No
Window Visible: No

Name: E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 484
Hidden: No
Window Visible: No

Name: E:\Program Files\Wireless Console 2\wcourier.exe
PID: 492
Hidden: No
Window Visible: No

Name: E:\WINDOWS\RTHDCPL.exe
PID: 500
Hidden: No
Window Visible: No

Name: E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PID: 512
Hidden: No
Window Visible: No

Name: E:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PID: 564
Hidden: No
Window Visible: No

Name: E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PID: 604
Hidden: No
Window Visible: No

Name: E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 612
Hidden: No
Window Visible: No

Name: E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 624
Hidden: No
Window Visible: No

Name: E:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 712
Hidden: No
Window Visible: No

Name: E:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
PID: 724
Hidden: No
Window Visible: No

Name: E:\Program Files\ClocX\ClocX.exe
PID: 836
Hidden: No
Window Visible: Yes

Name: E:\Program Files\Activ Software\Activdriver\ActivControl2.exe
PID: 996
Hidden: No
Window Visible: No

Name: E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PID: 1260
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\ASUSTPE.exe
PID: 1268
Hidden: No
Window Visible: No

Name: E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
PID: 1280
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\ctfmon.exe
PID: 1292
Hidden: No
Window Visible: No

Name: E:\Documents and Settings\Kletvíková\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PID: 1316
Hidden: No
Window Visible: No

Name: E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PID: 1752
Hidden: No
Window Visible: No

Name: E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PID: 1764
Hidden: No
Window Visible: Yes

Name: E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PID: 1780
Hidden: No
Window Visible: No

Name: E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PID: 1828
Hidden: No
Window Visible: No

Name: E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PID: 1880
Hidden: No
Window Visible: No

Name: E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PID: 1904
Hidden: No
Window Visible: No

Name: E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PID: 1920
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\spoolsv.exe
PID: 772
Hidden: No
Window Visible: No

Name: E:\WINDOWS\ATK0100\ATKOSD.exe
PID: 2072
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 2192
Hidden: No
Window Visible: No

Name: E:\Program Files\Java\jre6\bin\jqs.exe
PID: 2280
Hidden: No
Window Visible: No

Name: E:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2360
Hidden: No
Window Visible: No

Name: E:\Program Files\CDBurnerXP\NMSAccessU.exe
PID: 2404
Hidden: No
Window Visible: No

Name: E:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2480
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\svchost.exe
PID: 2556
Hidden: No
Window Visible: No

Name: E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PID: 2872
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\wbem\unsecapp.exe
PID: 3468
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\alg.exe
PID: 3648
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3836
Hidden: No
Window Visible: No

Name: E:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 172
Hidden: No
Window Visible: No

Name: E:\Documents and Settings\Kletvíková\Plocha\SysProt.exe
PID: 3932
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\E:\Documents and Settings\Kletvíková\Plocha\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B743A000
Module End: B7445000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E3000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E3000
Module End: 80703C80
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F799C000
Module End: F799E000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F78AC000
Module End: F78AF000
Hidden: No

Module Name: splj.sys
Service Name: ---
Module Base: F72A8000
Module End: F739B000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F799E000
Module End: F79A0000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: F7290000
Module End: F72A8000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7262000
Module End: F7290000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7251000
Module End: F7262000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F749C000
Module End: F74A5000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F78B0000
Module End: F78B3000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F78B4000
Module End: F78B8000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A64000
Module End: F7A65000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F771C000
Module End: F7723000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F74AC000
Module End: F74B7000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7232000
Module End: F7251000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F78B8000
Module End: F78BB000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7A65000
Module End: F7A66000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F7724000
Module End: F7729000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74BC000
Module End: F74C9000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F721A000
Module End: F7232000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74CC000
Module End: F74D5000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74DC000
Module End: F74E9000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F71FA000
Module End: F721A000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F71E8000
Module End: F71FA000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F74EC000
Module End: F74FB000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F74FC000
Module End: F7506000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F71D1000
Module End: F71E8000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F71BE000
Module End: F71D1000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7131000
Module End: F71BE000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7104000
Module End: F7131000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F70E9000
Module End: F7104000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ATKACPI.sys
Service Name: MTsensor
Module Base: F79E2000
Module End: F79E4000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F4864000
Module End: F486E000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F4610000
Module End: F4824000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F45FC000
Module End: F4610000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Service Name: BCM43XX
Module Base: F4568000
Module End: F45FC000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\atl02_xp.sys
Service Name: AtcL002
Module Base: F784C000
Module End: F7853000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F7854000
Module End: F7859000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F4545000
Module End: F4568000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F785C000
Module End: F7863000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F4854000
Module End: F485F000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F4844000
Module End: F4851000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F4834000
Module End: F4843000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F4522000
Module End: F4545000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F44FD000
Module End: F4522000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F4824000
Module End: F4831000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7864000
Module End: F786A000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: F44CD000
Module End: F44FD000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79EA000
Module End: F79EC000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F786C000
Module End: F7872000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Service Name: ---
Module Base: F4494000
Module End: F44CD000
Hidden: Yes

Module Name: E:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F70AD000
Module End: F70B1000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\tosrfcom.sys
Service Name: Tosrfcom
Module Base: F753C000
Module End: F754C000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\activhidsermini.sys
Service Name: ActivHidSerMini
Module Base: F754C000
Module End: F755A000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F755C000
Module End: F7565000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F778C000
Module End: F7793000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BD5000
Module End: F7BD6000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: F79F0000
Module End: F79F2000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7794000
Module End: F779C000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F756C000
Module End: F7579000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F4D8D000
Module End: F4D90000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F447D000
Module End: F4494000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F757C000
Module End: F7587000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F758C000
Module End: F7598000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F779C000
Module End: F77A1000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F446C000
Module End: F447D000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F759C000
Module End: F75A5000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F77A4000
Module End: F77A9000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F77AC000
Module End: F77B1000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F75AC000
Module End: F75B6000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79F2000
Module End: F79F4000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F4413000
Module End: F446C000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F4D81000
Module End: F4D85000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\tosporte.sys
Service Name: tosporte
Module Base: F75BC000
Module End: F75C8000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F4D7D000
Module End: F4D80000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\activmouse.sys
Service Name: prmvmouse
Module Base: F79F4000
Module End: F79F6000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F75CC000
Module End: F75D6000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F760C000
Module End: F761B000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: EBEE5000
Module End: EC33D000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: EBEC3000
Module End: EBEE5000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F762C000
Module End: F763B000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\smserial.sys
Service Name: smserial
Module Base: EBDE9000
Module End: EBEC3000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: F7984000
Module End: F7988000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F79F8000
Module End: F79FA000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7BAC000
Module End: F7BAD000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79FA000
Module End: F79FC000
Hidden: No

Module Name: E:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77D4000
Module End: F77DA000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79FE000
Module End: F7A00000
Hidden: No

Module Name: E:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A00000
Module End: F7A02000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77DC000
Module End: F77E1000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77E4000
Module End: F77EC000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7994000
Module End: F7997000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EBD66000
Module End: EBD79000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EBD0E000
Module End: EBD66000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: F763C000
Module End: F7646000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EBCED000
Module End: EBD0E000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EBCC5000
Module End: EBCED000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F764C000
Module End: F7655000
Hidden: No

Module Name: E:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EBCA3000
Module End: EBCC5000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F765C000
Module End: F7665000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EBC78000
Module End: EBCA3000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EBC09000
Module End: EBC78000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F766C000
Module End: F7675000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: EBB7A000
Module End: EBBA1000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F43BB000
Module End: F43BE000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Aspi32.SYS
Service Name: Aspi32
Module Base: F43B7000
Module End: F43BB000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: F7804000
Module End: F780A000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: F780C000
Module End: F7813000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\RTSTOR.SYS
Service Name: RTSTOR
Module Base: F7824000
Module End: F782B000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\STREAM.SYS
Service Name: ---
Module Base: F768C000
Module End: F7698000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\SYNSAM.SYS
Service Name: ---
Module Base: F43A3000
Module End: F43A7000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\SynCamd.sys
Service Name: ---
Module Base: F782C000
Module End: F7834000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\SynPin.sys
Service Name: ---
Module Base: EB9C7000
Module End: EBA41000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\SynPipe.sys
Service Name: ---
Module Base: BA43A000
Module End: BB000000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\SynScan.sys
Service Name: SynScan
Module Base: F7A06000
Module End: F7A08000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F769C000
Module End: F76AC000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: BA422000
Module End: BA43A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7A16000
Module End: F7A18000
Hidden: Yes

Module Name: E:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EBDB1000
Module End: EBDB4000
Hidden: No

Module Name: E:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7874000
Module End: F7879000
Hidden: No

Module Name: E:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7A79000
Module End: F7A7A000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\aswFsBlk.SYS
Service Name: aswFsBlk
Module Base: EBDA9000
Module End: EBDAC000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: F777C000
Module End: F7781000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B7FD6000
Module End: B7FDA000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: B7D9B000
Module End: B7DB2000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B76CE000
Module End: B76E3000
Hidden: No

Module Name: E:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B78F3000
Module End: B7902000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B7472000
Module End: B749E000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B732B000
Module End: B7382000
Hidden: No

Module Name: \??\E:\WINDOWS\ATK0100\ASNDIS5.SYS
Service Name: ASNDIS5
Module Base: B71DB000
Module End: B71DF000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: F789C000
Module End: F78A1000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B7042000
Module End: B7083000
Hidden: No

Module Name: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: F77C4000
Module End: F77CB000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: B6B9A000
Module End: B6BBD000
Hidden: No

Module Name: E:\WINDOWS\System32\Drivers\SynMini.sys
Service Name: SynMini
Module Base: EBA41000
Module End: EBB52000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: EBB82C5A
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey
Address: EBB82B16
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteKey
Address: EBB830CA
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteValueKey
Address: EBB82FF4
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject
Address: EBB826EC
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwEnumerateKey
Address: F72C1DA4
Driver Base: F72A8000
Driver End: F739B000
Driver Name: splj.sys

Function Name: ZwEnumerateValueKey
Address: F72C2132
Driver Base: F72A8000
Driver End: F739B000
Driver Name: splj.sys

Function Name: ZwOpenKey
Address: EBB82BF0
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess
Address: EBB8262C
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: EBB82690
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: F72C220A
Driver Base: F72A8000
Driver End: F739B000
Driver Name: splj.sys

Function Name: ZwQueryValueKey
Address: EBB82D10
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRenameKey
Address: EBB83198
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: EBB82CD0
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetValueKey
Address: EBB82E50
Driver Base: EBB7A000
Driver End: EBBA1000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwLoadDriver
At Address: 80582FD6
Jump To: EBB8F460
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwCreateSection
At Address: 805AA25E
Jump To: EBB8F326
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwCreateProcessEx
At Address: 805CFE96
Jump To: EBB8F502
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwClose
At Address: 805BB35A
Jump To: EBB8B4BA
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: PsCreateSystemThread
At Address: 805CFE96
Jump To: EBB8F502
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObMakeTemporaryObject
At Address: 805BB35A
Jump To: EBB8B4BA
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 805C1C90
Jump To: EBB8C972
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObCloseHandle
At Address: 805BB35A
Jump To: EBB8B4BA
Module Name: E:\WINDOWS\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_CREATE
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_CLOSE
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_READ
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_WRITE
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SET_EA
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_POWER
Jump To: F72B0E30
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F72BF518
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: \Driver\PCI_PNP3870
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F72E6ABC
Hooking Module: splj.sys

Hooked Module: E:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 84B691F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 84B691F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 84B691F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 84B691F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 84B691F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 84B691F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F72A9000
Hooking Module: splj.sys

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 849EC470
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 849811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 849811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 849811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 849811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 849811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 849811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 84BDA1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 849471F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 849471F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 849471F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 849471F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 849471F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aex6j1yf.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 849471F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 840301F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 840301F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 840301F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 840301F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 840301F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8489C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 849671F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 849671F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 849671F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 849671F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 849671F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 849671F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: F5R:12995
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12993
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12563
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12465
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
State: LISTENING

Local Address: F5R:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: F5R:1037
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: F5R:1029
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
State: LISTENING

Local Address: F5R:1027
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
State: LISTENING

Local Address: F5R:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
State: LISTENING

Local Address: F5R.KOLEJE.CUNI.CZ:1222
Remote Address: 82.99.19.52:HTTP
Type: TCP
Process: E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
State: CLOSE_WAIT

Local Address: F5R.KOLEJE.CUNI.CZ:1221
Remote Address: 82.99.19.52:HTTP
Type: TCP
Process: E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
State: CLOSE_WAIT

Local Address: F5R.KOLEJE.CUNI.CZ:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: F5R:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: F5R:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: F5R:1900
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: F5R:1431
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: F5R:123
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: F5R.KOLEJE.CUNI.CZ:1900
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: F5R.KOLEJE.CUNI.CZ:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: F5R.KOLEJE.CUNI.CZ:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: F5R.KOLEJE.CUNI.CZ:123
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: F5R:4500
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\lsass.exe
State: NA

Local Address: F5R:500
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\lsass.exe
State: NA

Local Address: F5R:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Re: Log check - svchost

Posted: 26 Apr 2010 14:33
by motji
:o I need to verify something

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run GMER


:arrow: Download GMER http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log and paste it here

- Following the guide in the link, perform the second scan and paste that log here as well.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop


:arrow: Start - Run
copy into the box

Code:

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log will be created; paste it here

Re: Log check - svchost

Posted: 26 Apr 2010 21:33
by Felsenburk
So far I have run MBAM over it, including the Daemon virtual drive (F:); you have surely noticed that the hard disk on this computer is, for mysterious reasons, lettered E:.
MBAM scan result:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

26.4.2010 22:23:27
mbam-log-2010-04-26 (22-23-27).txt

Typ skenu: Úplný sken (E:\|F:\|)
Skenované objekty: 255489
Uplynulý čas: 2 hodina(y), 11 minuta(y), 37 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)