samovolne spusteny prehliadac (na pozadi?)

[pecko77]

toto je z toho UsbFixu:

############################## | UsbFix V6.100 |

User : evka (Administrators) # EVKA1-PC
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:37:13 | 7. 4. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 540 @ 1.86GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100224-1] 4.8.1368 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 67,69 Go (39 Go free) [Vista] # NTFS
D:\ -> Removable Disk # 7,46 Go (1,11 Go free) [USB2] # FAT32
E:\ -> CD-ROM Disc
F:\ -> Removable Disk
G:\ -> Local Fixed Disk # 298,09 Go (257,41 Go free) [Iomega HDD] # NTFS
S:\ -> Local Fixed Disk # 1,46 Go (1,42 Go free) [System] # NTFS

################## | Files # Infected Folders |

Deleted ! C:\$Recycle.Bin\S-1-5-21-1730723268-729224220-3052934918-1000
Deleted ! D:\log.txt
Deleted ! G:\$Recycle.Bin\S-1-5-21-1730723268-729224220-3052934918-1000
Deleted ! G:\$Recycle.Bin\S-1-5-21-2692271737-3509085979-1473657064-1000
Deleted ! G:\Recycler\S-1-5-21-1177238915-1965331169-1801674531-1003
Deleted ! G:\Recycler\S-1-5-21-1177238915-1965331169-1801674531-1005
Deleted ! G:\Recycler\S-1-5-21-1715567821-884357618-839522115-1004
Deleted ! G:\Recycler\S-1-5-21-436374069-796845957-682003330-1003
Deleted ! S:\$Recycle.Bin\S-1-5-21-1730723268-729224220-3052934918-1000
Deleted ! S:\$Recycle.Bin\S-1-5-21-1730723268-729224220-3052934918-1001
Deleted ! S:\$Recycle.Bin\S-1-5-21-1730723268-729224220-3052934918-1002

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[18. 09. 2006 23:43|--a------|24] C:\autoexec.bat
[02. 11. 2006 11:53|-rahs----|438840] C:\bootmgr
[13. 11. 2006 11:26|-ra-s----|8192] C:\BOOTSECT.BAK
[11. 12. 2007 09:47|--a------|193] C:\CardRdr.log
[07. 04. 2010 00:21|--a------|11054] C:\ComboFix.txt
[18. 09. 2006 23:43|--a------|10] C:\config.sys
[11. 12. 2007 09:42|--a------|86] C:\lan.log
[?|?|?] C:\pagefile.sys
[11. 12. 2007 09:38|--a------|426] C:\RHDSetup.log
[07. 04. 2010 11:41|--a------|2425] C:\UsbFix.txt
[11. 12. 2007 09:47|--a------|173] C:\wlan.log
[06. 04. 2010 17:03|--a------|42281152] D:\avira_antivir_personal_en.exe
[06. 04. 2010 17:31|--a------|781909] D:\RSIT.exe
[06. 04. 2010 17:52|--a------|5187730] D:\sgl206a.zip
[06. 04. 2010 18:03|--a------|16409960] D:\spybotsd162.exe
[06. 04. 2010 20:14|--a------|3908251] D:\ComboFix.exe
[07. 04. 2010 00:21|--a------|11054] D:\ComboFix.txt
[07. 02. 2009 16:46|--a------|1551706112] G:\96 hodin (2008).avi
[15. 06. 2006 05:19|--a------|731510784] G:\Cesta do praveku.avi
[23. 11. 2005 17:51|--a------|734019584] G:\Jak dostat tatinka do polepsovny.avi
[30. 04. 2007 00:08|--a------|733562880] G:\Jak vytrhnut.avi
[12. 11. 2009 21:52|--a------|1680510976] G:\Monstra vs. Vetrelci 2009 CZ BRRip .avi
[27. 07. 2009 02:03|--a------|847972352] G:\stvrte proroctvo.avi
[01. 01. 2010 17:41|--ahs----|10752] G:\Thumbs.db
[12. 07. 2009 12:54|--a------|2173828324] G:\Valkyria.avi
[16. 11. 2009 18:05|--a------|1513478144] G:\Year.One.UNRATED.DVDRip.XviD.AC3.CZ-DEViSE.avi
[11. 04. 2009 08:36|-rahs----|333257] S:\bootmgr

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# S:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_evka1-PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

[pecko77]

Rádkině, mam este prosbicku ohladom tych googlov v STARTUPe.. zo slovenskeho pc fora mi odpisali ze mam odtial vsetko vymazat okrem antiv, driverov na grafiku a zvukovku, nechat este ctfmon.exe

co si o tom myslite,hm?

[motji]

Ano, pošlete jim to .
Klidně USBfix spustte na svém pc, pokud tedy nemáte 64 b systém.. Usbfix vytváří ochranou složku autorun.inf, je to takové očkování

My jsme spolu ještě neskončili .
Můžete a nemusíte. Pokud má pc pomalý náběh, můžete vypnout spouštění zbytečností po startu, aby pc nabíhalo rychleji.

Jak to vypadá s počítačem? Ten problém s prohlížečem stále přetrvává?

[pecko77]

to ma tesi ze sme spolu este neskoncili... sam by som to daleko nedotiahol uprimne dik za cas a pomahanie

ci ma pomaly nabeh neviem posudit,nemam s cim porovnat,tu je vista ja mam na svojom xp...celkovo je to strasny lenoch, ale co ma trapi ze sa automaticky spusti prohlizec, aspon tak to ukaze taskmng,pricom ja ho spusteny nemam a ked ho dam ukoncit proces z taskmng tak tam zacnu naskakovat postupne po jednom google.exe (5x) aked ich je uz 5 tak zmiznu a naskoci zase prohlizec...bez mojho zasahu...a stale ukazuje okolo 70-80% (kolise v tom rozmedzi) a celkove zatazenie procesoru ukazuje rovnych konstantnych (bez nejakeho zakolisania) 100%.. idem to skusit teraz restartovat a dam vam vediet... odpajam aj tie ext. uloz.

som zvedavy ci tam zas skoci ten prohlizec

[pecko77]

nic...ziadna zmena... prave tam skusam aviru...

[motji]

Netestujte zbytečně dalším antivirem. Když už, tak nějakým online skenerem. Zbytečně si do počítače taháte další drivery. A jestli Vás můžu poprosit, po dobu naší léčby neinstalujte bez mého vědomí žádné programy, pak mám v logu další soubory a a jsou v tom zmatky . Já tu budu zase večer, kolem půl 9..nejsem tu sice pořád, ale určitě to dáme spolu dohromady


Stáhněte SysProt AntiRootkit
http://sites.google.com/site/sysprotantirootkit/
-rozbalte a spusťte
-provedte všechny záložky a vložte logy


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Ještě poprosím, můžete mi dát screen správce uloh po startu systému, kdy Vy žádný prohlížeč nezapnete? A log z SysProt AntiRootkit bych také ráda měla z této doby

[pecko77]

ok.. nainstaloval som len tu aviru poza vas chrbat
nieco sa jej podarilo detekovat tak vam sem suchnem aj jej report


Avira AntiVir Personal
Report file date: 07 April 2010 15:29

Scanning for 1966212 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : EVKA1-PC

Version information:
BUILD.DAT : 10.0.0.561 32098 Bytes 18/03/2010 15:46:00
AVSCAN.EXE : 10.0.2.3 433832 Bytes 07/03/2010 15:57:10
AVSCAN.DLL : 10.0.2.2 45928 Bytes 02/03/2010 10:48:47
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 16:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 07:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 15:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 14:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 09:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 05/03/2010 09:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 05/03/2010 09:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 05/03/2010 09:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 05/03/2010 09:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 05/03/2010 09:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 05/03/2010 09:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 05/03/2010 09:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 05/03/2010 09:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 08/03/2010 13:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 10/03/2010 13:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 11/03/2010 15:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 12/03/2010 07:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 15/03/2010 07:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 18/03/2010 11:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 18/03/2010 13:15:36
VBASE020.VDF : 7.10.5.164 113152 Bytes 22/03/2010 13:15:36
VBASE021.VDF : 7.10.5.182 108032 Bytes 23/03/2010 13:15:36
VBASE022.VDF : 7.10.5.199 123904 Bytes 24/03/2010 13:15:36
VBASE023.VDF : 7.10.5.217 279552 Bytes 25/03/2010 13:15:36
VBASE024.VDF : 7.10.5.234 202240 Bytes 26/03/2010 13:15:36
VBASE025.VDF : 7.10.5.254 187904 Bytes 30/03/2010 13:15:36
VBASE026.VDF : 7.10.6.18 130560 Bytes 01/04/2010 13:15:36
VBASE027.VDF : 7.10.6.34 136192 Bytes 06/04/2010 13:15:36
VBASE028.VDF : 7.10.6.35 2048 Bytes 06/04/2010 13:15:36
VBASE029.VDF : 7.10.6.36 2048 Bytes 06/04/2010 13:15:36
VBASE030.VDF : 7.10.6.37 2048 Bytes 06/04/2010 13:15:36
VBASE031.VDF : 7.10.6.40 33792 Bytes 07/04/2010 13:15:36
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 13/02/2010 10:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 07/04/2010 13:16:14
AESCN.DLL : 8.1.5.0 127347 Bytes 25/02/2010 16:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 17/03/2010 09:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 17/03/2010 09:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 07/04/2010 13:16:06
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 09:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 07/04/2010 13:15:59
AEHELP.DLL : 8.1.11.3 242039 Bytes 07/04/2010 13:15:53
AEGEN.DLL : 8.1.3.6 373108 Bytes 07/04/2010 13:15:53
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/11/2009 07:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 07/04/2010 13:15:52
AEBB.DLL : 8.1.0.3 53618 Bytes 10/09/2009 10:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 10:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 10:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 14:47:40
AVREG.DLL : 10.0.1.2 52072 Bytes 29/01/2010 09:47:41
AVSCPLR.DLL : 10.0.2.3 83304 Bytes 07/03/2010 16:02:30
AVARKT.DLL : 10.0.0.13 227176 Bytes 07/03/2010 15:48:41
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 07:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 10:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 13:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 12:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 11:10:20
RCTEXT.DLL : 10.0.46.0 97128 Bytes 05/03/2010 08:09:41

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, S:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 07 April 2010 15:29

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '76' Module(s) have been scanned
Scan process 'avcenter.exe' - '77' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '57' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'iexplore.exe' - '147' Module(s) have been scanned
Scan process 'Dwm.exe' - '19' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'taskmgr.exe' - '34' Module(s) have been scanned
Scan process 'sidebar.exe' - '74' Module(s) have been scanned
Scan process 'ehmsas.exe' - '18' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'unsecapp.exe' - '27' Module(s) have been scanned
Scan process 'ehtray.exe' - '25' Module(s) have been scanned
Scan process 'btdna.exe' - '58' Module(s) have been scanned
Scan process 'sidebar.exe' - '105' Module(s) have been scanned
Scan process 'ashDisp.exe' - '47' Module(s) have been scanned
Scan process 'osd.exe' - '35' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '46' Module(s) have been scanned
Scan process 'iexplore.exe' - '70' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '38' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '53' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '35' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'NBService.exe' - '38' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '79' Module(s) have been scanned
Scan process 'Explorer.EXE' - '145' Module(s) have been scanned
Scan process 'ashServ.exe' - '71' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '20' Module(s) have been scanned
Scan process 'aawservice.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '151' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'S:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '477' files ).


Starting the file scan:

Begin scan in 'C:\' <Vista>
C:\Users\evka\Downloads\OFFICE 2007 enterprise keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.Gen back-door program
C:\Users\Public\Downloads\WinZumaSetup.exe
[DETECTION] Is the TR/Agent.6061846.A Trojan
Begin scan in 'S:\' <System>

Beginning disinfection:
C:\Users\Public\Downloads\WinZumaSetup.exe
[DETECTION] Is the TR/Agent.6061846.A Trojan
[WARNING] The file was ignored!
C:\Users\evka\Downloads\OFFICE 2007 enterprise keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.Gen back-door program
[WARNING] The file was ignored!


End of the scan: 07 April 2010 16:28
Used time: 58:10 Minute(s)

The scan has been done completely.

19950 Scanned directories
217585 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
217583 Files not concerned
1358 Archives were scanned
2 Warnings
0 Notes

idem poskusat tie vase navody...a budem to sem postupne ladovat

[pecko77]

ahoj rádkině, ospravedlnujem sa, nedalo sa mi skor...aj za to instalovanie bez vasho vedomia...

toto je po spusteni bez pristupu na net
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 412
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 496
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 540
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 548
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 576
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 652
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 804
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 892
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1044
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1088
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1200
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1364
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PID: 1500
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1532
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 1688
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 1740
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1964
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 2004
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2028
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 272
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 1656
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PID: 1732
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1580
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2076
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2148
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2232
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PID: 2276
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WUDFHost.exe
PID: 2456
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2636
Hidden: No
Window Visible: No

Name: C:\Windows\RtHDVCpl.exe
PID: 2668
Hidden: No
Window Visible: No

Name: C:\Program Files\C&E\OSD\osd.exe
PID: 2684
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2720
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 2744
Hidden: No
Window Visible: Yes

Name: C:\Program Files\DNA\btdna.exe
PID: 2760
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 2776
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 4036
Hidden: No
Window Visible: No

Name: C:\Windows\System32\mobsync.exe
PID: 2060
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID: 4156
Hidden: No
Window Visible: No

Name: C:\Windows\System32\alg.exe
PID: 4412
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 4508
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4940
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 5156
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 5620
Hidden: No
Window Visible: No

Name: C:\Users\evka\Desktop\SysProt\SysProt\SysProt.exe
PID: 4080
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\taskeng.exe
PID: 5436
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\evka\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B3A40000
Module End: B3A4B000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E36000
Module End: 821EF000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81E03000
Module End: 81E36000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80409000
Module End: 80410000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80410000
Module End: 80480000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80480000
Module End: 80491000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80491000
Module End: 80499000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80499000
Module End: 804DA000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804DA000
Module End: 805BA000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80604000
Module End: 80680000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 80680000
Module End: 8068D000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8068D000
Module End: 806D3000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806D3000
Module End: 806DC000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806DC000
Module End: 806E4000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E4000
Module End: 8070B000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8070B000
Module End: 8071A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 8071A000
Module End: 8071D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8071D000
Module End: 80727000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80727000
Module End: 80736000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 80736000
Module End: 80780000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80780000
Module End: 80787000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 80787000
Module End: 80795000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80795000
Module End: 807A5000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 807A5000
Module End: 807AD000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 807AD000
Module End: 807CB000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 807CB000
Module End: 807FD000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 805BA000
Module End: 805CA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 85E0B000
Module End: 85E7C000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 85E7C000
Module End: 85F87000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 85FB2000
Module End: 85FED000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 86002000
Module End: 860EC000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 860EC000
Module End: 86107000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 86206000
Module End: 86316000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 86316000
Module End: 8634F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\uagp35.sys
Service Name: uagp35
Module Base: 8634F000
Module End: 86360000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 86360000
Module End: 86368000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SISAGPX.sys
Service Name: SISAGP
Module Base: 86368000
Module End: 86379000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 86379000
Module End: 86388000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 86388000
Module End: 863AF000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 863AF000
Module End: 863C0000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 863C0000
Module End: 863E1000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 863E1000
Module End: 863EA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 86112000
Module End: 8611D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8611D000
Module End: 86126000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 86126000
Module End: 86135000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 86200000
Module End: 86204000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SISGRKMD.sys
Service Name: SiS6350
Module Base: 86135000
Module End: 861AA000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8980B000
Module End: 898AA000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 898AA000
Module End: 898B6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 898B6000
Module End: 898C9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 898C9000
Module End: 898D4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 898D4000
Module End: 898DF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 898DF000
Module End: 898F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 898F7000
Module End: 89901000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 89901000
Module End: 8993F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8993F000
Module End: 8994E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SiSGB6.sys
Service Name: SiSGbeLH
Module Base: 8994E000
Module End: 8995E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8995E000
Module End: 899EB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 861AA000
Module End: 861D9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 89C07000
Module End: 89C48000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 89C48000
Module End: 89C53000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 89C53000
Module End: 89C6A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 89C6A000
Module End: 89C75000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 89C75000
Module End: 89C98000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 89C98000
Module End: 89CA7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 89CA7000
Module End: 89CBB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 89CBB000
Module End: 89CD0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 89CD0000
Module End: 89CE0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 89CE0000
Module End: 89CE2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 89CE2000
Module End: 89D0C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 89D0C000
Module End: 89D16000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 89D16000
Module End: 89D23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 89D23000
Module End: 89D58000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 89D58000
Module End: 89D69000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 89E0B000
Module End: 89FE4000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 89D69000
Module End: 89D96000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 89D96000
Module End: 89DBB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 89FF4000
Module End: 89FFB000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 89DBB000
Module End: 89DC7000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 89DC7000
Module End: 89DE8000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 89E00000
Module End: 89E08000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 89DE8000
Module End: 89DF0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 899EB000
Module End: 899F9000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 89800000
Module End: 89809000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 861D9000
Module End: 861EF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 805CA000
Module End: 805DE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: 861EF000
Module End: 861F9000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8A403000
Module End: 8A44B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: 8A44B000
Module End: 8A44F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8A44F000
Module End: 8A481000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8A481000
Module End: 8A497000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8A497000
Module End: 8A4A5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8A4A5000
Module End: 8A4B8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: 8A4B8000
Module End: 8A4BE000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTSTOR.SYS
Service Name: RTSTOR
Module Base: 8A4BE000
Module End: 8A4CF000
Hidden: No

Module Name: C:\Windows\system32\drivers\USBD.SYS
Service Name: ---
Module Base: 8A4CF000
Module End: 8A4D1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8A4D1000
Module End: 8A50D000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8A50D000
Module End: 8A517000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8A517000
Module End: 8A52E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: 8A52E000
Module End: 8A550000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: 8A550000
Module End: 8A571000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8A571000
Module End: 8A57E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8A57E000
Module End: 8A589000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8A589000
Module End: 8A591000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8A591000
Module End: 8A59B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8A59B000
Module End: 8A5AA000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8A5AA000
Module End: 8A5C5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\aswMonFlt.sys
Service Name: aswMonFlt
Module Base: 8A5C5000
Module End: 8A5DC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: 8A5DC000
Module End: 8A5F1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: 8A5F1000
Module End: 8A5F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 85FED000
Module End: 85FFD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: AD80B000
Module End: AD835000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AD835000
Module End: AD83F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: AD83F000
Module End: AD852000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: AD852000
Module End: AD902000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: AD902000
Module End: AD96F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: AD96F000
Module End: AD98C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: AD98C000
Module End: AD9A5000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: AD9A5000
Module End: AD9BA000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: AD9BA000
Module End: AD9DB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: AD9DB000
Module End: AD9FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: B000E000
Module End: B0047000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: B0047000
Module End: B005F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: B005F000
Module End: B0086000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: B0086000
Module End: B00D4000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: B00EC000
Module End: B01CA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: B01CA000
Module End: B01D4000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: B01D4000
Module End: B01E0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: B01E0000
Module End: B01F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFPf.sys
Service Name: ---
Module Base: B00D4000
Module End: B00E6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ipnat.sys
Service Name: IPNAT
Module Base: B3A04000
Module End: B3A2A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: B3A2A000
Module End: B3A40000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 89FED000
Module End: 89FF4000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 89DF0000
Module End: 89DFB000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: EVKA1-PC:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: EVKA1-PC:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: EVKA1-PC:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: EVKA1-PC:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: EVKA1-PC:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: EVKA1-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: EVKA1-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: EVKA1-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: EVKA1-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: EVKA1-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: EVKA1-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: EVKA1-PC:27785
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\DNA\btdna.exe
State: LISTENING

Local Address: EVKA1-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: EVKA1-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: EVKA1-PC:49224
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:49159
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Sidebar\sidebar.exe
State: NA

Local Address: EVKA1-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\DNA\btdna.exe
State: NA

Local Address: EVKA1-PC:49152
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:27785
Remote Address: NA
Type: UDP
Process: C:\Program Files\DNA\btdna.exe
State: NA

Local Address: EVKA1-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: EVKA1-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{0467caaf-407c-11df-a2d5-00030d88030b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{2c5ee429-4243-11df-995d-00030d88030b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{2c5ee434-4243-11df-995d-00030d88030b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{515b7c98-4016-11df-89c0-00030d88030b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{928d2d9c-4195-11df-9946-00030d88030b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{df47d117-401f-11df-bab7-00030d88030b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{f8c08421-418a-11df-b61c-fe1bbf465cfa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Users\evka\Desktop\INE KAFE\ine kafe - Záverecná.mp3
Status: Hidden

Object: C:\Users\evka\Desktop\INE KAFE\ine kafe - cumil.mp3
Status: Hidden

Object: C:\Users\evka\Desktop\INE KAFE\ine kafe - dakujeme vám.mp3
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

a zas som v koncoch neviem ako sem mam dostat ten screen toho taskmng mate to so mnou tazke

mam ho zatial ulozeny na ploche z paintu...alebo som ho mal sem vlozit hned po snapnuti? to som skusal ale mi tu vyhodilo viac ponuk ako som ocakaval neviem...a mam snapnut iba zakladne procesy alebo zaskrtnut vyber pre vsetkych uzivatelov? lebo ked mam procesy vsetkych uzivatelov tak sa to do jedneho screenu nevojde...hm?

[motji]

Potřebuji vidět ten běžící prohlížeč, takže screen tak, aby byl vidět. Je jedno z kterého uživatelského profilu, jde mi jen o ten prohlížeč
Můžete obrázek nahrát zde http://www.imageshack.us/

Ten sken jste dělal, když byl IE vypnutý?


Ještě se trochu blbě zeptám , ale to Vám na pozadí běží pouze Internet explorer?
Neběží třeba jen Google chrome? Protože Google se tuším co hodinu updatuje,můžeme to vypnout a aktualizovat ho můžete jednou za čas ručně. Mám totiž pocit, jestli se tu nehoníme jen za updaty googlu

Jděte přes Start –spustit – napište – services.msc – ok – najít službu
Google software Updater
- Klikněte na ni pravým myšítkem, zvolte vlastnosti,na další kartě nejprve službu zastavte tlačítkem zastavit, a u položky Typ spouštění zvolit ručně

smažte soubory
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

-restartujte počítač a zjistěte, zda stále ten prohlížeč běží.

Pak poprosím o nový log ze Rsitu.

[pecko77]

ahoj Rádkině, musim vam to malinko objasnit...(este som nic nemazal..).Povodne (puvodne) tu bol ako prednastaveny hlavny prohlizec FIREFOX a stahnutej CHROME a samozrejme IE. Myslel som ze chyba bude v tom Firefoxu,tak som odstranil,restartoval a to co robil FIREFOX zacal robit chrome (samovolne spusteny (podla taskmng),vyuzitie proc. 80%),tak som odstranil aj ten CHROME a zostal tu len iE a situacia sa zopakovala...

keby to malo byt len tymi aktualizaciami tak by ten procesor nebol permanentne a konstantne vytizenej na 100%

scan som robil ked ntb nemal ziadny pristup na net a prohlizec vypnutej (teda aspon ja som ho nespustal,ani nic ine)

ten obr by tam mohol byt vy si to najdete?

a mam uz aj log z toho MBAMu
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8. 4. 2010 12:44:36
mbam-log-2010-04-08 (12-44-36).txt

Scan type: Full scan (C:\|E:\|F:\|S:\|)
Objects scanned: 204560
Time elapsed: 2 hour(s), 39 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{snifw2pn-xqjw-0rwx-dtp3-tuq0ev3710vy} (Generic.Bot.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\evka\AppData\Roaming\google\google.exe (Generic.Bot.H) -> No action taken.


ma to byt toto? sa mi to zda nejake kratke..

a este nieco... pocas toho MBAMu som zabudol vypnut tu aviru a dva krat zaskrecala a teraz neviem ci som to dal opravit (vyliecit) al nie... viem,asi som vas nepotesil,mrzi ma to.. dufam ze som nic nesposobil.. potom som ju vypol...

a v tom spravcovi je dost vela nejakych schvostov(alebo tak nejak )..je to normalne?

[motji]

Co našel mbam, smažte.
Normální to je.
ne nenajdu, potřebuji k tomu link

[pecko77]

ahoj
a nevie to ten mbam zmazat nejako sam? podla tej cesty (C:\Users\evka\AppData\Roaming\google\google.exe)to tu nie je, ani adr. google ani ten subor google.exe v nom.. a mam aj zobrazene skryte priecinky a subory..

vy potrebujete vediet link kde to mam ulozene ja? naozaj neviem ako sa to robi
ja to mam tu: C:\Users\evka\Desktop\untitled ja to naozaj neviem
a neda sa to nejako priamo vlozit sem ten obr? zeby som to este raz restartoval a cvakol,hm? zas bez pristupu na net a spustania nejakeho programu

[motji]

Při screenu jste měl explorer spuštěný?

Mbam to maže

[pecko77]

nemal,ked spustim ja prohlizec tak su tam dva..jeden stale tych 70-80% a druhy (ked je len tak spusteny) tak 0-2%..cvaknem vam to teraz ked mam spusteny net?

idem sa skusit dohodnut s tym MBAMom aby to vymazal

tak sme sa nedohodli... dam mu este raz rychly scan?

[motji]

Ne, nemusíte, já to smáznu přes skript.
Ještě Vás poprosím

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.