Tabulka s žádostí na ATM PIN a zasekávající se internet

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Reklama]

[indos]

ComboFix 11-07-14.05 - Yumi & Keunsoo 15/07/2011 8:39.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1033.18.1015.184 [GMT 2:00]
Spuštěný z: c:\documents and settings\Yumi & Keunsoo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Yumi & Keunsoo\Desktop\CFScript.txt.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000006_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-15 do 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 06:24 . 2011-07-15 06:24 -------- d-----w- c:\windows\LastGood
2011-06-29 19:09 . 2011-06-29 19:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2009-04-01 23:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-29 07:11 . 2011-04-18 11:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-04-18 11:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 02:52 . 2011-04-26 01:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2010-05-21 05:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-04-02 00:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2009-04-01 23:44 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2009-04-01 23:44 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2011-04-26 11:07 293376 ----a-w- c:\windows\system32\SETE.tmp
2011-04-26 11:07 . 2009-04-01 23:44 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2009-04-01 23:44 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2009-04-01 23:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2009-04-01 23:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2009-04-01 23:44 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2009-04-01 23:44 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-18 03:37 . 2011-04-18 03:37 388096 ----a-r- c:\documents and settings\Yumi & Keunsoo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-28_05.47.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-15 01:31 . 2011-07-15 01:31 16384 c:\windows\temp\Perflib_Perfdata_a78.dat
+ 2009-04-01 23:44 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-04-01 23:44 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-06-30 04:43 . 2011-06-30 04:43 19968 c:\windows\Installer\4f771.msi
+ 2009-10-28 14:52 . 2011-07-15 01:02 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-06-29 19:09 . 2011-06-29 19:09 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
+ 2011-06-29 19:09 . 2011-06-29 19:09 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2009-04-01 16:50 . 2011-07-15 01:31 341032 c:\windows\system32\FNTCACHE.DAT
- 2009-04-01 16:50 . 2011-04-15 04:24 341032 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-01 23:44 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
- 2009-04-01 23:44 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2009-04-01 23:44 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
- 2009-10-28 14:52 . 2011-06-16 12:39 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-10-28 14:52 . 2011-07-15 01:02 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-10-28 14:52 . 2011-06-16 12:39 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-01 23:44 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2011-05-23 12:15 . 2011-05-23 12:15 3617792 c:\windows\Installer\257db5f.msp
+ 2007-04-19 13:09 . 2007-04-19 13:09 1061720 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2009-08-29 01:41 . 2011-07-15 01:02 49089992 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-05-08 696320]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-05-08 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-06-17 22:18 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
2003-08-29 22:35 24576 ------w- c:\windows\system32\gemstrmw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-24 20:20 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/10/2009 16:40 642560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/05/2011 4:38 105592]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/04/2009 4:41 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/04/2009 4:41 39040]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18/06/2009 0:19 1684736]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [15/03/2007 1:48 116416]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: csob.cz\ib24
Trusted Zone: ica.cz
Trusted Zone: postovnisporitelna.cz\maxibps
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 08:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-07-15 08:52:28
ComboFix-quarantined-files.txt 2011-07-15 06:52
ComboFix2.txt 2011-06-29 16:32
ComboFix3.txt 2011-06-28 05:50
ComboFix4.txt 2011-04-19 05:49
.
Před spuštěním: 32.212.791.296 bytes free
Po spuštění: 32.420.454.400 bytes free
.
- - End Of File - - 2254A2A02F255E40ACBC2F1FD89EAEE9

[indos]

Dneska jsem se dívala na www.ebay.com a tabulku s žádostí na můj ATM PIN už tam mám zase
Co dál dělat?

[jaro3]

Stáhni AVP Tools
na svojí plochu.

Zaškrtni :
Hidden startup objects
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
A jiné , např. Flash disky , které máš připojeny.

Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.

Pokud se Ti log nezobrazí:
Pokud máš AVPtool stále zapnutý, zkus zmáčknout tlačítko Zpráva (Report).
Pokud se Ti zobrazí tabulka, klikni na ní pravým myšítkem a dej Maximalize a měli by se Ti zobrazit výsledky.

+
stáhni SuperAntiSpyware
aktualizuj databázi , proveď sken a následně nákazy smaž

[indos]

AVP Tools nic nenašel, report má 63MB..což sem nelze vložit.. /případně jak na to?/
SuperAntiSpyware nalezl 20 cookies, které byly smazány, ale problém pokračuje..

[jaro3]

Stáhni si z některého odkazu SysProt AntiRootkit:
Odkaz 1

Odkaz 2

Odkaz 3

Odkaz 4

Rozbal si ho na svojí plochu.
Spusť SysProt>> klikni na Log tab.
Zatrhni všechny čtverečky v sekci "Write to log" ( nedávej zatržítko na volbu "Hidden Objects Only").
Klikni na Create Log. Když se Tě zeptá na volbu skenu , vyber Scanning all drives >>klikni na na Start ( neklikej na "Ok" !).
Nech sken nerušeně běžet, až sken skončí , najdi log.txt ve složce SysProt . Zkopíruj sem prosím celý obsah toho logu.

+
Stáhni si RootRepeal

Rozbal si archív třeba do C:\RootRepeal
Poklepej na RootRepeal.exe ke startu programu ( ve vistě pravým a vybrat spustit jako administrátor).
Klikni v dolní části na Files a potom na Scan .
Objeví se dialog.okno, dej zatržítko na disk, který chceš skenovat( nejčastěji na C:\) , a potom na OK.
Program začne skenovat zatržený disk. Když sken skončí , budou tam vypsané soubory, ale ne všechny musí být legitimní. Klikni na Save Report a ulož si log do dokumentů. Vlož sem prosím celý jeho obsah.

[indos]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 764
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1032
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1612
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1876
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2032
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 304
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 628
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PID: 328
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 884
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\scardsvr.exe
PID: 1444
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3796
Hidden: No
Window Visible: No

Name: C:\Program Files\Symantec AntiVirus\DefWatch.exe
PID: 3844
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 3912
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PID: 3944
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 1120
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PID: 1576
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 1780
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1800
Hidden: No
Window Visible: No

Name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PID: 1676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 2300
Hidden: No
Window Visible: No

Name: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PID: 2548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2812
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 3260
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 3388
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.EXE
PID: 3616
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 3672
Hidden: No
Window Visible: No

Name: C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PID: 3716
Hidden: No
Window Visible: No

Name: C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PID: 3744
Hidden: No
Window Visible: No

Name: C:\Program Files\EeePC\ACPI\AsTray.exe
PID: 3756
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PID: 3772
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\SYMANT~1\VPTray.exe
PID: 3836
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxext.exe
PID: 236
Hidden: No
Window Visible: No

Name: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PID: 544
Hidden: No
Window Visible: No

Name: C:\Program Files\Symantec AntiVirus\DoScan.exe
PID: 2928
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Phone\Skype.exe
PID: 3824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 3872
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 3968
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Plugin Manager\skypePM.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\Program Files\WinRAR\WinRAR.exe
PID: 4372
Hidden: No
Window Visible: No

Name: C:\DOCUME~1\YUMI&K~1\LOCALS~1\temp\Rar$EX00.812\SysProt\SysProt.exe
PID: 4500
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\DOCUME~1\YUMI&K~1\LOCALS~1\Temp\Rar$EX00.281\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A4775000
Module End: A4780000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E5000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E5000
Module End: 80705D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A88000
Module End: F7A8A000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7998000
Module End: F799B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: F73B7000
Module End: F7487000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7A8A000
Module End: F7A8C000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SPTD4125.SYS
Service Name: ---
Module Base: F739F000
Module End: F73B7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7371000
Module End: F739F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7360000
Module End: F7371000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7588000
Module End: F7592000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F799C000
Module End: F799F000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F79A0000
Module End: F79A4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B50000
Module End: F7B51000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7808000
Module End: F780F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7598000
Module End: F75A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7341000
Module End: F7360000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F7810000
Module End: F7815000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F79A4000
Module End: F79A7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7B51000
Module End: F7B52000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F75A8000
Module End: F75B5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7329000
Module End: F7341000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: F724F000
Module End: F7329000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F75B8000
Module End: F75C1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F75C8000
Module End: F75D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F722F000
Module End: F724F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F721D000
Module End: F722F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7206000
Module End: F721D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F71EF000
Module End: F7206000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7162000
Module End: F71EF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7135000
Module End: F7162000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F711B000
Module End: F7135000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F77A8000
Module End: F77B1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Service Name: ialm
Module Base: F4FCE000
Module End: F5564000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F4FBA000
Module End: F4FCE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F4F92000
Module End: F4FBA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
Service Name: L1c
Module Base: F77B8000
Module End: F77C6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\athw.sys
Service Name: AR5416
Module Base: F4E1C000
Module End: F4F92000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F78A8000
Module End: F78AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F4DF8000
Module End: F4E1C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F78B0000
Module End: F78B8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F77C8000
Module End: F77D5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F78B8000
Module End: F78BE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: F4DC6000
Module End: F4DF8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7AB8000
Module End: F7ABA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Service Name: ---
Module Base: F77D8000
Module End: F77E6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\wdf01000.sys
Service Name: Wdf01000
Module Base: F4D55000
Module End: F4DC6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F78C0000
Module End: F78C6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\dtscsi.sys
Service Name: dtscsi
Module Base: F4D0B000
Module End: F4D55000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: F0086000
Module End: F009E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F0F4E000
Module End: F0F52000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
Service Name: AsusACPI
Module Base: F0F4A000
Module End: F0F4D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\btkrnl.sys
Service Name: BTKRNL
Module Base: EF947000
Module End: EFA38000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7C57000
Module End: F7C58000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F009E000
Module End: F00AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F0F46000
Module End: F0F49000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: EF930000
Module End: EF947000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: EFF8E000
Module End: EFF99000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: EFF7E000
Module End: EFF8A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F142D000
Module End: F1432000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: EF87F000
Module End: EF890000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: EFF6E000
Module End: EFF77000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F1425000
Module End: F142A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F141D000
Module End: F1422000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: EFF5E000
Module End: EFF68000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7AE0000
Module End: F7AE2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: EF80C000
Module End: EF82F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: EF7AE000
Module End: EF80C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F0F3A000
Module End: F0F3E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: EFF2E000
Module End: EFF3E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: EFF1E000
Module End: EFF2D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\btport.sys
Service Name: BTDriver
Module Base: F0E22000
Module End: F0E2A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: EEB5A000
Module End: EEB64000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: A6EB5000
Module End: A73B9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: A6E91000
Module End: A6EB5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: EE7F9000
Module End: EE808000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F76B8000
Module End: F76C7000
Hidden: No

Module Name: \??\C:\Program Files\Symantec AntiVirus\savrt.sys
Service Name: SAVRT
Module Base: A5071000
Module End: A50C9000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Service Name: SymEvent
Module Base: A504F000
Module End: A5071000
Hidden: No

Module Name: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
Service Name: SAVRTPEL
Module Base: A503B000
Module End: A504F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\uvclf.sys
Service Name: uvclf
Module Base: F76D8000
Module End: F76E2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\usbvideo.sys
Service Name: usbvideo
Module Base: A4E92000
Module End: A4EB0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7AB2000
Module End: F7AB4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7B83000
Module End: F7B84000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7AEA000
Module End: F7AEC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: A9A1A000
Module End: A9A21000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: EF82F000
Module End: EF835000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7AD0000
Module End: F7AD2000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7AD4000
Module End: F7AD6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7988000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F7848000
Module End: F7850000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F5FDF000
Module End: F5FE2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: A4E5F000
Module End: A4E72000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: A4E06000
Module End: A4E5F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Service Name: SYMTDI
Module Base: A4DCB000
Module End: A4E06000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: A4DA5000
Module End: A4DCB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7708000
Module End: F7711000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: A4D7D000
Module End: A4DA5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: A4D5B000
Module End: A4D7D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F6560000
Module End: F6569000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Service Name: SPBBCDrv
Module Base: A4CF9000
Module End: A4D5B000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Service Name: SASKUTIL
Module Base: A4CD7000
Module End: A4CF9000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F13FD000
Module End: F1403000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: A4CAC000
Module End: A4CD7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: A4C3C000
Module End: A4CAC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F64F0000
Module End: F64FB000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: A4BDE000
Module End: A4C3C000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Service Name: EraserUtilRebootDrv
Module Base: A4BC0000
Module End: A4BDE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F1A66000
Module End: F1A76000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A4AE6000
Module End: A4BC0000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F5588000
Module End: F558B000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F13E5000
Module End: F13EA000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7B79000
Module End: F7B7A000
Hidden: No

Module Name: \SystemRoot\system32\drivers\xpsec.sys
Service Name: xpsec
Module Base: A4AD3000
Module End: A4AE6000
Hidden: Yes

Module Name: \SystemRoot\system32\drivers\xcpip.sys
Service Name: xcpip
Module Base: A4A7A000
Module End: A4AD3000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A49CE000
Module End: A49D2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A4795000
Module End: A47AA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A975A000
Module End: A9769000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A4380000
Module End: A43AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A4300000
Module End: A4358000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: F7850000
Module End: F7856000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: A3F80000
Module End: A3FA3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A3A74000
Module End: A3AB5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A39F9000
Module End: A3A24000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\splitter.sys
Service Name: splitter
Module Base: F7B30000
Module End: F7B32000
Hidden: No

Module Name: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110715.004\navex15.sys
Service Name: NAVEX15
Module Base: A32C9000
Module End: A3440000
Hidden: No

Module Name: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110715.004\naveng.sys
Service Name: NAVENG
Module Base: A32B5000
Module End: A32C9000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 860D6C10
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 861062B8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 8629AA58
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: 8612DFC0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: F73BCB3A
Driver Base: F73B7000
Driver End: F7487000
Driver Name: sptd.sys

Function Name: ZwCreateMutant
Address: 86161008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 86295410
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: A5063350
Driver Base: A504F000
Driver End: A5071000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwEnumerateKey
Address: F73BCC7E
Driver Base: F73B7000
Driver End: F7487000
Driver Name: sptd.sys

Function Name: ZwEnumerateValueKey
Address: F73BCFF6
Driver Base: F73B7000
Driver End: F7487000
Driver Name: sptd.sys

Function Name: ZwFreeVirtualMemory
Address: 86D49B50
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 86153208
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 860A3328
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwMapViewOfSection
Address: 8616C0B8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 8615B478
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenKey
Address: F73BCA18
Driver Base: F73B7000
Driver End: F7487000
Driver Name: sptd.sys

Function Name: ZwOpenProcessToken
Address: 861A6888
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThreadToken
Address: 8614A1C8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryKey
Address: F73BD0C0
Driver Base: F73B7000
Driver End: F7487000
Driver Name: sptd.sys

Function Name: ZwQueryValueKey
Address: 86149AC0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwResumeThread
Address: 8605B2D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 86149930
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 86288120
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationThread
Address: 86146AF8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: A5063580
Driver Base: A504F000
Driver End: A5071000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwSuspendProcess
Address: 86113750
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 86095378
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: A4CE1640
Driver Base: A4CD7000
Driver End: A4CF9000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Function Name: ZwTerminateThread
Address: 86111098
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 8620DA30
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 861C4008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 860530E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 860530E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 860530E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 860530E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 860530E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 860530E8
Hooking Module: _unknown_

Hooked Module: \Driver\00000107
Hooked IRP: IRP_MJ_POWER
Jump To: F73C3EA8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\00000107
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F73D7A70
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86D950E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86D950E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86D950E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86D950E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86D950E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86D96748
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86068840
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86068840
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86068840
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86068840
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 86068840
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86D4A740
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86D95EB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86D95EB0
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: LENKA:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: LENKA:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: LENKA:63378
Remote Address: 10.71.16.1:DOMAIN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LENKA:1073
Remote Address: A23-2-66-161.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTPS
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: LENKA:1072
Remote Address: A173-223-57-195.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTPS
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: LENKA:1069
Remote Address: A23-2-66-161.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTPS
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: LENKA:1049
Remote Address: 78.141.177.89:12350
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: LENKA:1044
Remote Address: 213.146.189.205:12350
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: LENKA:1043
Remote Address: 213.146.189.205:12350
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LENKA:1039
Remote Address: P1131-IPBF1006OSAKAKITA.OSAKA.OCN.NE.JP:29553
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: LENKA:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LENKA:30571
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: LENKA:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: LENKA:1344
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
State: LISTENING

Local Address: LENKA:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LENKA:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: LENKA:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: LENKA:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: LENKA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LENKA:1046
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: LENKA:1038
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: LENKA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LENKA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LENKA:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LENKA:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LENKA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LENKA:30571
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: LENKA:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LENKA:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
State: NA

Local Address: LENKA:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LENKA:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LENKA:HTTPS
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{14D749C5-72A6-49A9-B916-8A062E8C7619}
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied



ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/07/19 12:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: c:\documents and settings\yumi & keunsoo\local settings\temp\~df9a23.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\yumi & keunsoo\local settings\temp\~dfab3e.tmp
Status: Allocation size mismatch (API: 327680, Raw: 16384)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_192.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: Volume D:\
Status: MBR Rootkit Detected!

[jaro3]

Stáhni si aswMBR

na svojí plochu.Poklepej na aswMBR.exe. Klikni na Scan.
Po skenu klikni na aswASW.log a ulož si ho na plochu , vlož sem celý obsak toho logu.

Stáhni Bootkit Remover

-ulož na plochu
-spusť
- pak klikni do černého okna a zkopíruj sem výsledek, případně dej screen

[indos]

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-20 11:06:09
-----------------------------
11:06:09.296 OS Version: Windows 5.1.2600 Service Pack 3
11:06:09.296 Number of processors: 2 586 0x1C02
11:06:09.296 ComputerName: LENKA UserName:
11:06:12.296 Initialize success
11:06:41.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:06:41.734 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
11:06:41.734 Disk 0 MBR read successfully
11:06:41.750 Disk 0 MBR scan
11:06:41.750 Disk 0 Windows XP default MBR code
11:06:41.765 Disk 0 scanning sectors +312576705
11:06:41.890 Disk 0 scanning C:\WINDOWS\system32\drivers
11:06:56.359 Service scanning
11:06:57.531 Disk 0 trace - called modules:
11:06:57.531 ntkrnlpa.exe >>UNKNOWN [0x86d95eb0]<<
11:06:57.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d57030]
11:06:57.562 \Driver\Disk[0x86d4a850] -> IRP_MJ_CREATE -> 0x86d95eb0
11:06:57.562 Scan finished successfully
11:07:13.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Yumi & Keunsoo\My Documents\MBR.dat"
11:07:13.187 The log file has been saved successfully to "C:\Documents and Settings\Yumi & Keunsoo\My Documents\aswMBR.txt"


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

a použij i T-Cleaner

http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.

**************************************************************************************************************************************

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

@ECHO OFF
remover.exe fix \\.\PhysicalDrive0

EXIT

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.bat
Uložit jako typ: tak tam vyber Všechny soubory

Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Poklepej na soubor fix.bat, ten se spustí a poté se systém restartuje , pokud ne proveď sám.

**************************************************************************************************************************************
Poté opakuj :
Spusť Bootkit Remover

- pak klikni do černého okna a zkopíruj sem výsledek, případně dej screen

[indos]

Vše provedeno. Ale při poklepání na soubor fix.bat pouze krátce problikne okno, dál to vypadá, že se nic neděje, systém se nerestartuje.
Restart jsem provedla ručně, ale problém pořád přetrvává

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

[jaro3]

Vše provedeno. Ale při poklepání na soubor fix.bat pouze krátce problikne okno, dál to vypadá, že se nic neděje, systém se nerestartuje.----to je OK , restartovat si nemusela..

Jdi na tuto stránku:
http://www.sysint.no/en/Download.aspx

a stáhni si MBRFix , rozbal si ho a ulož na svojí plochu. Potom složku otevři a zkopíruj oba soubory (mbrfix.exe and mbrfix64.exe) do své složky C:\ ( kde máš operační systém).
Poté klikni na Start>> Run( spustit) >>zkopíruj a vlož tam tento text:
C:\MbrFix.exe /drive 0 fixmbr /yes
Restartuj PC a poté spusť znovu mbr.exe a vlož sem z něj opět log.