
Problem with short-term 100% CPU usage

Posted: 05 Jul 2010 13:24
by BoneDaddy
Hello, please check this RSIT log in connection with short-term 100% CPU usage (usually during a game or a movie...):

Logfile of random's system information tool 1.07 (written by random/random)
Run by Pavel at 2010-07-05 14:15:17
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (29%) free of 95 GB
Total RAM: 1023 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ff080d-12a3-439a-a2ef-4ba95a3148e8}]
GetRight IE Download Helper - C:\Programy\GetRight\xx2gr.dll [2007-06-21 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\Programy\Avast\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-23 7286784]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2005-08-29 102400]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-22 81920]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-12 987136]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-08-19 737369]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad-watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programy\Adobe Reader\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Programy\icq\ICQ7.2\ICQ.exe [2010-06-25 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
C:\Programy\sonyericssonG900\Application Launcher\Application Launcher.exe [2007-12-25 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Programy\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Programy\antivsechno\SAS\SUPERAntiSpyware.exe [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^nabídka start^programy^po spuštění^lumix simple viewer.lnk]
C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2006-09-29 57344]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programy\antivsechno\SAS\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programy\antivsechno\SAS\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\icq\ICQLite\ICQLite.exe"="C:\Programy\icq\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\HRY\Flatout2\Flatout2\FlatOut2.exe"="C:\HRY\Flatout2\Flatout2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\HRY\C.S.1.6\hl.exe"="C:\HRY\C.S.1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\HRY\FIFA 07\fifa07.exe"="C:\HRY\FIFA 07\fifa07.exe:*:Enabled:fifa07"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\14exmodul32f.l.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\14exmodul32f.l.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\99exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\99exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\31exmodul32f.l.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\31exmodul32f.l.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\27exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\27exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\12exmodul32f.l.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\12exmodul32f.l.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\78exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\78exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\9exmodul32f.l.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\9exmodul32f.l.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\56exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\56exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\73exmodul32f.l.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\73exmodul32f.l.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\30exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\30exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\32exmodul32f.m.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\32exmodul32f.m.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\24exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\24exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\79exmodul32f.m.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\79exmodul32f.m.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\64exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\64exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\76exmodul32f.m.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\76exmodul32f.m.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\98exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\98exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\92exmodul32f.m.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\92exmodul32f.m.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\3exmodul32f.m.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\3exmodul32f.m.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\2exinjs.v.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\2exinjs.v.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\78exinjs.w.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\78exinjs.w.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\13exinjs.w.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\13exinjs.w.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\38exinjs.w.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\38exinjs.w.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\21exinjs.w.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\21exinjs.w.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\35exinjs.w.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\35exinjs.w.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\17exinjs.w.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\17exinjs.w.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\66exinjs.y.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\66exinjs.y.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\51exinjs.y.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\51exinjs.y.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\67exinjs.y.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\67exinjs.y.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\70exinjs.y.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\70exinjs.y.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\76exinjs.a1.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\76exinjs.a1.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\20exinjs.a6.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\20exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\97exinjs.a6.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\97exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\39exinjs.a7.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\39exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\77exinjs.a7.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\77exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\95exinjs.a7.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\95exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\43exinjs.a9.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\43exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\54exinjs.a9.exe"="C:\DOCUME~1\Pavel\LOCALS~1\Temp\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programy\icq\ICQ6\ICQ.exe"="C:\Programy\icq\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\HRY\Steam\Steam.exe"="C:\HRY\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Programy\sonyericssonG900\update\Update Service\Update Service.exe"="C:\Programy\sonyericssonG900\update\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Programy\sonyericssonG900\Sync Manager\DXP SyncML.exe"="C:\Programy\sonyericssonG900\Sync Manager\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\Programy\icq\ICQ6.5\ICQ.exe"="C:\Programy\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programy\icq\ICQ7.2\ICQ.exe"="C:\Programy\icq\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Programy\icq\ICQ7.2\aolload.exe"="C:\Programy\icq\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Programy\BearShare\BearShare.exe"="C:\Programy\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\HRY\Steam\SteamApps\bonedaddy7\counter-strike\hl.exe"="C:\HRY\Steam\SteamApps\bonedaddy7\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\icq\ICQ7.2\ICQ.exe"="C:\Programy\icq\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Programy\icq\ICQ7.2\aolload.exe"="C:\Programy\icq\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5694ef6-796d-11db-aba1-0017319739ca}]
shell\AutoRun\command - F:\Autorun.exe


======List of files/folders created in the last 1 months======

2010-07-05 14:15:18 ----D---- C:\Program Files\trend micro
2010-07-05 14:15:17 ----D---- C:\rsit
2010-07-04 23:30:40 ----D---- C:\Avenger
2010-07-04 23:30:40 ----A---- C:\avenger.txt
2010-07-04 23:28:51 ----A---- C:\avexport.bat
2010-06-29 18:56:22 ----D---- C:\Documents and Settings\Pavel\Data aplikací\VitySoft
2010-06-29 15:45:06 ----D---- C:\WINDOWS\system32\%USERPROFILE%
2010-06-26 16:32:46 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2010-06-26 16:32:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-06-24 20:58:50 ----D---- C:\Documents and Settings\Pavel\Data aplikací\SUPERAntiSpyware.com
2010-06-24 20:58:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-06-23 18:37:53 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

======List of files/folders modified in the last 1 months======

2010-07-05 14:15:25 ----D---- C:\WINDOWS\Prefetch
2010-07-05 14:15:18 ----AD---- C:\Program Files
2010-07-05 14:05:42 ----D---- C:\Program Files\Mozilla Firefox
2010-07-05 11:50:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-04 23:44:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-04 23:30:40 ----D---- C:\WINDOWS\system32\drivers
2010-07-04 23:30:40 ----D---- C:\WINDOWS
2010-07-03 19:21:17 ----SD---- C:\WINDOWS\Tasks
2010-07-03 19:08:22 ----D---- C:\My Downloads
2010-07-03 19:07:09 ----D---- C:\HRY
2010-07-01 16:24:09 ----D---- C:\WINDOWS\Temp
2010-06-30 22:57:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-29 18:57:11 ----D---- C:\Programy
2010-06-29 15:45:06 ----D---- C:\WINDOWS\system32
2010-06-26 18:04:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-25 22:09:05 ----D---- C:\Documents and Settings\Pavel\Data aplikací\ICQ
2010-06-24 21:08:50 ----D---- C:\WINDOWS\Debug
2010-06-23 18:36:24 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-06-23 18:36:22 ----SHD---- C:\WINDOWS\Installer
2010-06-23 18:36:21 ----D---- C:\Config.Msi
2010-06-22 20:04:57 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-22 20:04:14 ----D---- C:\WINDOWS\system32\config
2010-06-22 20:03:37 ----D---- C:\WINDOWS\system32\wbem
2010-06-22 20:03:37 ----D---- C:\WINDOWS\Registration
2010-06-22 20:02:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-06-20 12:48:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-16 16:06:33 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-06-16 16:02:41 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Uniblue
2010-06-14 14:54:22 ----D---- C:\Downloads
2010-06-06 12:14:47 ----HD---- C:\WINDOWS\inf
2010-06-06 12:14:43 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 25096]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 28680]
R1 SASDIFSV;SASDIFSV; \??\C:\Programy\antivsechno\SAS\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programy\antivsechno\SAS\SASKUTIL.SYS []
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-04 62799]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 33288]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2006-11-01 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-26 3644032]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-17 14080]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [2005-06-22 1034752]
R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2005-06-22 216320]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-09-23 3522304]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SynMini;USB2.0 1.3M Web Cam; C:\WINDOWS\System32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2005-10-03 8278]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-08-19 190912]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2005-03-30 47230]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-06-22 716416]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-01-15 63360]
S1 cbc0308;cbc0308; C:\WINDOWS\System32\drivers\cbc0308.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 f-secure standalone minifilter;F-Secure Standalone Minifilter; \??\C:\DOCUME~1\Pavel\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-16 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-07-04 98176]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2005-06-27 53504]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-01-15 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-01-15 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-01-15 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-01-15 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-01-15 91264]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\drivers\s24trans.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programy\Avast\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Programy\Avast\ashServ.exe [2009-11-25 138680]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-23 143428]
R2 SmcService;Sygate Personal Firewall; C:\Programy\Sygate\smc.exe [2004-10-15 2577632]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programy\Avast\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Programy\Avast\ashMaiSv.exe [2009-11-25 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 fontcache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 lavasoft ad-aware service;Lavasoft Ad-Aware Service; C:\Programy\adaware\Ad-Aware\AAWService.exe [2010-07-03 1352832]
S4 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2007-07-10 72704]

-----------------EOF-----------------

Thank you for the advice and the check.

Re: Problem with short-term 100% CPU usage

Posted: 05 Jul 2010 13:48
by Caroprd111
Greetings :)

I recommend uninstalling Ad-Aware.

What did you use Avenger for :???: Paste the script C:\avenger.txt here for me.

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not start other applications and do not click into the window that is displayed :!:
  • The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

Re: Problem with short-term 100% CPU usage

Posted: 05 Jul 2010 13:59
by BoneDaddy
Ad-Aware uninstalled.

Avenger - I no longer remember :roll: - script below:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\odbconf32" not found!
Deletion of driver "odbconf32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\odbconf32.exe" not found!
Deletion of file "C:\WINDOWS\odbconf32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

And I will paste the ComboFix log as soon as I have it.

Thank you.

Re: Problem with short-term 100% CPU usage

Posted: 05 Jul 2010 14:19
by BoneDaddy
ComboFix log:

ComboFix 10-07-04.04 - Pavel 05.07.2010 15:05:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.599 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100704-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\206.exe
c:\windows\206.scr

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-05 do 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 12:15 . 2010-07-05 12:15 -------- d-----w- c:\program files\trend micro
2010-07-05 12:15 . 2010-07-05 12:15 -------- d-----w- C:\rsit
2010-07-04 21:28 . 2010-07-04 21:28 260 ----a-w- C:\avexport.bat
2010-06-29 13:45 . 2010-06-29 13:45 -------- d-----w- c:\windows\system32\%USERPROFILE%
2010-06-26 14:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 14:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 18:03 . 2010-06-22 18:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-13 07:59 . 2010-06-13 08:00 5076072 ----a-w- c:\documents and settings\Pavel\speedupmypc.exe
2010-06-13 07:59 . 2010-06-13 07:59 -------- d-----w- c:\documents and settings\Pavel\ErrorLogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 18:04 . 2009-03-13 16:54 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-20 10:48 . 2007-12-12 16:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-18 06:41 . 2009-11-01 13:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.

------- Sigcheck -------

[-] 2006-09-20 . EE9C6B301DE7E2B13870D2AEBF5CCB5B . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\programy\Avast\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-23 7286784]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-08-29 102400]
"nwiz"="nwiz.exe" [2005-09-23 1519616]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-12 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-19 737369]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="md" [X]
"nlpo_02"="advpack.dll" [2004-08-17 100352]
"nlpo_03"="advpack.dll" [2004-08-17 100352]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programy\antivsechno\SAS\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programy\antivsechno\SAS\SASWINLO.DLL

[HKLM\~\startupfolder\c:^documents and settings^all users^nabídka start^programy^po spuštění^lumix simple viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\programy\Adobe Reader\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-25 20:07 133368 ----a-w- c:\programy\icq\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
2007-12-25 14:53 548864 ----a-r- c:\programy\sonyericssonG900\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
2006-09-01 14:57 282624 ----a-w- c:\programy\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13 2403568 ----a-w- c:\programy\antivsechno\SAS\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HRY\\C.S.1.6\\hl.exe"=
"c:\\HRY\\Steam\\Steam.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programy\\sonyericssonG900\\update\\Update Service\\Update Service.exe"=
"c:\\Programy\\sonyericssonG900\\Sync Manager\\DXP SyncML.exe"=
"c:\\Programy\\icq\\ICQ7.2\\ICQ.exe"=
"c:\\Programy\\icq\\ICQ7.2\\aolload.exe"=
"c:\\Programy\\BearShare\\BearShare.exe"=
"c:\\HRY\\Steam\\SteamApps\\bonedaddy7\\counter-strike\\hl.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 18:32 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.9.2007 10:17 28680]
R1 SASDIFSV;SASDIFSV;c:\programy\antivsechno\SAS\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programy\antivsechno\SAS\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 18:32 20560]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [1.11.2006 9:03 216320]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [1.11.2006 9:00 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [1.11.2006 9:00 8278]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 cbc0308;cbc0308;c:\windows\system32\drivers\cbc0308.sys --> c:\windows\system32\drivers\cbc0308.sys [?]
S2 FAH-01;Folding Service #01; [x]
S3 f-secure standalone minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Pavel\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Pavel\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant =
IE: download with getright - c:\programy\GetRight\GRdownload.htm
IE: open with getright browser - c:\programy\GetRight\GRbrowse.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programy\icq\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\djnp7d57.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programy\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-ad-watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 15:10
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\programy\antivsechno\SAS\SASWINLO.DLL
.
Celkový čas: 2010-07-05 15:12:17
ComboFix-quarantined-files.txt 2010-07-05 13:12

Před spuštěním: Volných bajtů: 29 239 869 440
Po spuštění: Volných bajtů: 30 968 840 192

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2D066A851BBC8473DB1E6492E3D016E5

Re: Problem with short-term 100% CPU usage

Posted: 05 Jul 2010 18:15
by Caroprd111
Test the following file(s) at http://www.virustotal.com/cs/
c:\windows\system32\sfcfiles.dll
(Don't search for the file(s); just paste in the path marked in bold. If you get the message "File has already been analysed", have it analysed again. Paste the result of the analysis here as a link.)

Re: Problem with short-term 100% CPU usage

Posted: 05 Jul 2010 19:31
by BoneDaddy

Re: Problem with short-term 100% CPU usage

Posted: 06 Jul 2010 14:48
by BoneDaddy
Is there anything else I should test for the check?

Re: Problem with short-term 100% CPU usage

Posted: 06 Jul 2010 18:10
by Caroprd111
I recommend uninstalling:
C:\Program Files\uTorrent\uTorrent.exe

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk unnecessarily.


If you haven't already, move Combofix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code:

Folder::
c:\windows\system32\%USERPROFILE%
C:\Documents and Settings\Pavel\Local Settings\Temp

Driver::
cbc0308
FAH-01
f-secure standalone minifilter

File::
c:\windows\system32\drivers\cbc0308.sys 
c:\docume~1\Pavel\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys 

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\14exmodul32f.l.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\99exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\31exmodul32f.l.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\27exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\12exmodul32f.l.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\78exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\9exmodul32f.l.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\56exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\73exmodul32f.l.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\30exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\32exmodul32f.m.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\24exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\79exmodul32f.m.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\64exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\76exmodul32f.m.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\98exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\92exmodul32f.m.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\3exmodul32f.m.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\2exinjs.v.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\78exinjs.w.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\13exinjs.w.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\38exinjs.w.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\21exinjs.w.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\35exinjs.w.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\17exinjs.w.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\66exinjs.y.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\51exinjs.y.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\67exinjs.y.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\70exinjs.y.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\76exinjs.a1.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\20exinjs.a6.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\97exinjs.a6.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\39exinjs.a7.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\77exinjs.a7.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\95exinjs.a7.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\43exinjs.a9.exe"=-
"C:\DOCUME~1\Pavel\LOCALS~1\Temp\54exinjs.a9.exe"=-
  • Save the TXT file you created as CFScript.txt on the desktop
  • Once saved, grab the script you created with the left mouse button and drag it over the Combofix icon, then drop it there:
  • After it runs, another log will appear; paste it here
It may happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
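The script above removes firewall exceptions for executables sitting in the user's Temp directory, which is the kind of entry a legitimate installer never needs. As an added example (not code from the thread, from the helper, or from ComboFix), here is a small Python parser that reads the firewall-policy part of a ComboFix registry dump in the layout shown in this thread, flags `EnableFirewall=0` and every authorized application that lives under a Temp directory, and prints the matching `Registry::` removal lines in the CFScript form used above. The sample log is constructed: the two Temp paths are copied from the helper's removal script for illustration, the other paths are made up.

```python
import re

# Constructed sample in the layout of the ComboFix firewall-policy dump shown
# in this thread.  Not the log from the thread: the two Temp entries are taken
# from the helper's removal script, the remaining paths are made up.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HRY\\Steam\\Steam.exe"=
"C:\\DOCUME~1\\Pavel\\LOCALS~1\\Temp\\14exmodul32f.l.exe"=
"C:\\DOCUME~1\\Pavel\\LOCALS~1\\Temp\\99exinjs.v.exe"=
"c:\\documents and settings\\Pavel\\Local Settings\\Temp\\foo.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 18:32 114768]
"""

POLICY_KEY = r"firewallpolicy\standardprofile"
AUTH_LIST_KEY = r"authorizedapplications\list"
# Key header for the CFScript "Registry::" block, as the helper wrote it.
CFSCRIPT_KEY = (r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
                r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list]")

# An executable under any Temp directory ("\Temp\" in a long or 8.3 path, or a
# %TEMP% expansion).  Installed software does not need a persistent firewall
# exception for a file in Temp.
TEMP_RE = re.compile(r"(\\temp\\|%temp%)", re.I)


def parse_firewall_policy(log: str) -> dict:
    """Walk the registry-dump part of a ComboFix log and pull out the
    standard-profile firewall state and the authorized-application list."""
    result = {"enable_firewall": None, "authorized": []}
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # new registry key
            continue
        if section.endswith(POLICY_KEY):
            m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line)
            if m:
                result["enable_firewall"] = int(m.group(1))
        elif section.endswith(AUTH_LIST_KEY):
            m = re.match(r'"(.+)"=\s*$', line)
            if m:
                # The dump doubles backslashes; store the real path.
                result["authorized"].append(m.group(1).replace("\\\\", "\\"))
        # other keys and the R1/S1 driver table are ignored
    return result


def suspicious_authorized(paths) -> list:
    """Return the authorized applications that live in a Temp directory."""
    return [p for p in paths if TEMP_RE.search(p)]


def cfscript_registry_block(paths) -> str:
    """Build the Registry:: section of a CFScript that deletes the given
    authorized-application values ("name"=- deletes a value)."""
    lines = ["Registry::", CFSCRIPT_KEY]
    lines += ['"%s"=-' % p for p in paths]
    return "\n".join(lines)


def report(log: str) -> str:
    """Human-readable summary of what the parser found."""
    policy = parse_firewall_policy(log)
    out = []
    if policy["enable_firewall"] == 0:
        out.append("Windows Firewall standard profile is disabled (EnableFirewall=0); "
                   "expected only while a third-party firewall such as Sygate is active.")
    sus = suspicious_authorized(policy["authorized"])
    out.append("%d authorized application(s), %d in Temp directories"
               % (len(policy["authorized"]), len(sus)))
    for p in sus:
        out.append("  suspicious: " + p)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
    print()
    found = suspicious_authorized(parse_firewall_policy(SAMPLE_LOG)["authorized"])
    print(cfscript_registry_block(found))
```

The Temp check is deliberately broad (both the 8.3 `LOCALS~1\Temp` form and the long `Local Settings\Temp` form match), because ComboFix prints whichever form the registry value holds; anything it flags still needs a look before it goes into a CFScript.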

Re: Problem with short-term 100% CPU usage

Posted: 06 Jul 2010 18:55
by BoneDaddy
So, the new log:

ComboFix 10-07-04.04 - Pavel 06.07.2010 19:34:36.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.572 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100706-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\docume~1\Pavel\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys"
"c:\windows\system32\drivers\cbc0308.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pavel\Local Settings\Temp
c:\windows\system32\%USERPROFILE%

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_f-secure_standalone_minifilter
-------\Legacy_FAH-01
-------\Service_cbc0308
-------\Service_f-secure standalone minifilter
-------\Service_FAH-01


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-05 12:15 . 2010-07-05 12:15 -------- d-----w- c:\program files\trend micro
2010-07-05 12:15 . 2010-07-05 12:15 -------- d-----w- C:\rsit
2010-07-04 21:28 . 2010-07-04 21:28 260 ----a-w- C:\avexport.bat
2010-06-26 14:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 14:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 18:03 . 2010-06-22 18:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-13 07:59 . 2010-06-13 08:00 5076072 ----a-w- c:\documents and settings\Pavel\speedupmypc.exe
2010-06-13 07:59 . 2010-06-13 07:59 -------- d-----w- c:\documents and settings\Pavel\ErrorLogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 18:04 . 2009-03-13 16:54 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-20 10:48 . 2007-12-12 16:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-18 06:41 . 2009-11-01 13:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.

------- Sigcheck -------

[-] 2006-09-20 . EE9C6B301DE7E2B13870D2AEBF5CCB5B . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-05_13.10.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-05 15:45 . 2010-07-05 15:45 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_134.dat
+ 2010-07-06 17:42 . 2010-07-06 17:42 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_124.dat
+ 2010-07-06 17:42 . 2010-07-06 17:42 53248 c:\windows\system32\config\systemprofile\Local Settings\Temp\catchme.dll
- 2010-07-05 13:10 . 2010-07-05 13:10 53248 c:\windows\system32\config\systemprofile\Local Settings\Temp\catchme.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\programy\Avast\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-23 7286784]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-08-29 102400]
"nwiz"="nwiz.exe" [2005-09-23 1519616]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-12 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-19 737369]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="md" [X]
"nlpo_02"="advpack.dll" [2004-08-17 100352]
"nlpo_03"="advpack.dll" [2004-08-17 100352]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programy\antivsechno\SAS\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programy\antivsechno\SAS\SASWINLO.DLL

[HKLM\~\startupfolder\c:^documents and settings^all users^nabídka start^programy^po spuštění^lumix simple viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\programy\Adobe Reader\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-25 20:07 133368 ----a-w- c:\programy\icq\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
2007-12-25 14:53 548864 ----a-r- c:\programy\sonyericssonG900\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
2006-09-01 14:57 282624 ----a-w- c:\programy\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13 2403568 ----a-w- c:\programy\antivsechno\SAS\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HRY\\C.S.1.6\\hl.exe"=
"c:\\HRY\\Steam\\Steam.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programy\\sonyericssonG900\\update\\Update Service\\Update Service.exe"=
"c:\\Programy\\sonyericssonG900\\Sync Manager\\DXP SyncML.exe"=
"c:\\Programy\\icq\\ICQ7.2\\ICQ.exe"=
"c:\\Programy\\icq\\ICQ7.2\\aolload.exe"=
"c:\\Programy\\BearShare\\BearShare.exe"=
"c:\\HRY\\Steam\\SteamApps\\bonedaddy7\\counter-strike\\hl.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 18:32 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.9.2007 10:17 28680]
R1 SASDIFSV;SASDIFSV;c:\programy\antivsechno\SAS\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programy\antivsechno\SAS\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 18:32 20560]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [1.11.2006 9:03 216320]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [1.11.2006 9:00 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [1.11.2006 9:00 8278]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant =
IE: download with getright - c:\programy\GetRight\GRdownload.htm
IE: open with getright browser - c:\programy\GetRight\GRbrowse.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programy\icq\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\djnp7d57.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programy\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 19:42
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\programy\antivsechno\SAS\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(532)
c:\windows\system32\msi.dll
c:\windows\system32\SSSensor.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\programy\Sygate\smc.exe
c:\programy\Avast\aswUpdSv.exe
c:\programy\Avast\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\programy\Avast\ashWebSv.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2010-07-06 19:45:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-06 17:45
ComboFix2.txt 2010-07-05 13:12

Před spuštěním: Volných bajtů: 31 368 306 688
Po spuštění: Volných bajtů: 31 276 253 184

- - End Of File - - 101CEFE67C41E1EDED45145F3FE3E9F4


And I deleted uTorrent about a year ago. When I run a search, I find nothing. Not even in the folders where I once installed it. :o

Re: Problem with short-term 100% CPU usage

Posted: 06 Jul 2010 19:59
by Caroprd111
uTorrent was just a leftover entry in the log. :)


Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box will pop up; copy this into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; paste it here.


Post the log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Re: Problem with short-term 100% CPU usage

Posted: 06 Jul 2010 21:54
by BoneDaddy
Log from mbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK



First log from gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-06 21:14:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\uxtdrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----



Second log from gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 22:48:33
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\uxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF6168B30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3E146B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3E14574]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF61686F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3E14A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3E1414C]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF6168470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3E1464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3E1408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3E140F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF6168C50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3E1476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3E1472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3E148AE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF6168990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF61688D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF6168D60]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF68A6360, 0x20328D, 0xE8000020]
.text tcpip.sys!IPTransmit + 10B7 F3FF8CFA 6 Bytes CALL F730AE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 24D9 F3FFA11C 6 Bytes CALL F730AE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 4662 F3FFC2A5 6 Bytes CALL F730AE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F617B3FD 7 Bytes CALL F730AFA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xF12BBF00, 0x24000, 0x48000000]
? C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F730B8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F730BB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F730BC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F730BBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1108] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[1108] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\aswTdi \Device\AswUdpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device \Driver\aswTdi \Device\ASWTDI wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\aswTdi \Device\AswTcpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- EOF - GMER 1.0.15 ----



I have one more request: which software is best to use for protection against malware, spyware and the like, or for detecting and then removing it, and is avast enough as an antivirus for a notebook with normal home use? Or what software should I install for all-round protection?

Thank you. :)

Re: Problem with short-term 100% CPU usage

Posted: 06 Jul 2010 22:07
by Caroprd111
http://www.viry.cz/forum/viewtopic.php?f=29&t=6152

This article will certainly help you. :)

How is the PC behaving :???:

Re: Problem with short-term 100% CPU usage

Posted: 07 Jul 2010 17:29
by BoneDaddy
Great, interesting topic.

The notebook is behaving the same as before. Still occasional 100% CPU load..

:cry:

Re: Problem with short-term 100% CPU usage

Posted: 07 Jul 2010 17:30
by Caroprd111
Which process is loading the PC the most :???:

Re: Problem with short-term 100% CPU usage

Posted: 07 Jul 2010 19:40
by BoneDaddy
svchost.exe, smc.exe, taskmgr.exe....