Please check my log

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Please check my log

#1 Post by rewer »

Problem with the internet connection: constant disconnects and a slowed-down connection. Firefox crashes when opening streaming video
from YouTube etc. Opera crashes even on a normal connection. Thank you.

Logfile of random's system information tool 1.06 (written by random/random)
Run by radim at 2009-12-28 21:52:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (8%) free of 95 GB
Total RAM: 1023 MB (68% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-07-11 2160840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-13 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-07-11 2160840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2005-09-09 88203]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\ComboFix\ /c C:\ComboFix\C.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
C:\Program Files\System Control Manager\MGSysCtrl.exe [2006-03-24 179200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2005-07-08 1953887]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-06-29 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe [2005-08-16 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe [2005-08-17 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
C:\PROGRA~1\EDIMAX\Common\RaUI.exe [2007-12-14 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-10-04 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-10 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\GAMEs\LOTR II\game.dat"="C:\GAMEs\LOTR II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Utorent\uTorrent\utorrent.exe"="C:\Program Files\Utorent\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23109fe1-918a-11de-b2de-0016174fa96c}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f04a5077-e182-11de-b37d-d5c87f440030}]
shell\AutoRun\command - G:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-12-28 21:52:22 ----D---- C:\Program Files\trend micro
2009-12-28 21:52:21 ----D---- C:\rsit
2009-12-25 15:04:54 ----D---- C:\Program Files\DIFX
2009-12-25 15:04:44 ----D---- C:\Program Files\Garmin
2009-12-25 15:04:43 ----D---- C:\Garmin
2009-12-21 23:21:52 ----D---- C:\Program Files\CCleaner
2009-12-20 18:04:34 ----D---- C:\Documents and Settings\radim\Data aplikací\Download Manager
2009-12-13 02:11:39 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-13 02:11:39 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-13 02:11:39 ----A---- C:\WINDOWS\system32\java.exe
2009-12-13 01:09:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-12 23:29:37 ----D---- C:\Program Files\JAVASUN
2009-12-12 23:13:35 ----D---- C:\Program Files\JavaObnovaVerzí
2009-12-12 22:47:32 ----D---- C:\Program Files\OTCcleaner
2009-12-12 21:27:47 ----D---- C:\HijackThis
2009-12-12 20:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-12 20:04:01 ----D---- C:\32788R22FWJFW
2009-12-12 15:10:04 ----D---- C:\Documents and Settings\radim\Data aplikací\dvdcss
2009-12-12 15:06:37 ----D---- C:\Documents and Settings\radim\Data aplikací\vlc
2009-12-10 22:52:05 ----SHD---- C:\RECYCLER
2009-12-10 19:53:24 ----A---- C:\WINDOWS\PEV.exe
2009-12-10 19:53:24 ----A---- C:\WINDOWS\MBR.exe
2009-12-10 02:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 02:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 02:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-10 02:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 02:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 02:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-10 02:15:36 ----D---- C:\Documents and Settings\radim\Data aplikací\GRETECH
2009-12-10 01:56:37 ----D---- C:\Program Files\GOMplayer
2009-12-09 21:55:09 ----A---- C:\UsbFix.txt
2009-12-09 18:24:13 ----RAD---- C:\autorun.inf
2009-12-08 19:24:34 ----D---- C:\UsbFix
2009-12-06 14:12:57 ----D---- C:\Program Files\RootkitRevealer
2009-12-06 10:23:23 ----D---- C:\Program Files\MobilePartner
2009-12-05 15:24:18 ----D---- C:\Documents and Settings\radim\Data aplikací\Opera
2009-12-05 15:21:02 ----D---- C:\Program Files\Opera Turbo
2009-12-04 20:20:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-04 20:07:40 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-04 13:16:11 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-12-02 11:17:38 ----D---- C:\Program Files\O2 Mobilni internet
2009-12-01 16:17:15 ----D---- C:\Program Files\directx
2009-12-01 15:57:31 ----D---- C:\Program Files\Nival Interactive

======List of files/folders modified in the last 1 months======

2009-12-28 21:52:22 ----D---- C:\Program Files
2009-12-28 21:49:35 ----D---- C:\WINDOWS\Prefetch
2009-12-28 21:35:07 ----D---- C:\WINDOWS
2009-12-28 21:35:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-28 21:35:01 ----HD---- C:\WINDOWS\inf
2009-12-28 21:30:58 ----D---- C:\Program Files\Mozilla Firefox
2009-12-28 21:26:46 ----D---- C:\WINDOWS\Temp
2009-12-28 21:22:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-28 14:51:05 ----SHD---- C:\WINDOWS\Installer
2009-12-26 17:44:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 16:08:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-21 02:04:40 ----D---- C:\Documents and Settings\radim\Data aplikací\GARMIN
2009-12-21 00:52:11 ----D---- C:\WINDOWS\system32\Restore
2009-12-18 14:56:38 ----D---- C:\WINDOWS\system32
2009-12-14 13:41:15 ----RASH---- C:\boot.ini
2009-12-14 13:41:15 ----A---- C:\WINDOWS\win.ini
2009-12-14 13:41:15 ----A---- C:\WINDOWS\system.ini
2009-12-13 01:09:31 ----D---- C:\Program Files\Java
2009-12-12 21:34:17 ----D---- C:\Program Files\HijackThis
2009-12-12 20:48:00 ----D---- C:\WINDOWS\Debug
2009-12-12 20:44:32 ----D---- C:\WINDOWS\AppPatch
2009-12-12 20:42:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-12 20:41:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-12 15:03:51 ----D---- C:\Program Files\VLC Player
2009-12-10 21:51:34 ----D---- C:\WINDOWS\pss
2009-12-10 20:22:55 ----D---- C:\WINDOWS\system32\drivers
2009-12-10 20:01:19 ----D---- C:\Program Files\Common Files
2009-12-10 12:25:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 14:43:27 ----D---- C:\Program Files\golm
2009-12-09 11:12:31 ----A---- C:\WINDOWS\WORDPAD.INI
2009-12-09 03:09:26 ----D---- C:\Downloads
2009-12-09 01:13:17 ----SHD---- C:\System Volume Information
2009-12-07 16:32:53 ----D---- C:\WINDOWS\ERDNT
2009-12-04 22:44:33 ----D---- C:\Program Files\Adobe
2009-12-04 20:20:44 ----D---- C:\Documents and Settings\radim\Data aplikací\SUPERAntiSpyware.com
2009-12-04 20:16:57 ----D---- C:\Program Files\SuperaAntiSpyWare
2009-12-04 08:57:19 ----A---- C:\WINDOWS\wincmd.ini
2009-12-03 16:23:52 ----D---- C:\WINDOWS\system32\config
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 12:32:25 ----D---- C:\Documents and Settings\radim\Data aplikací\Desktopicon
2009-11-30 12:32:07 ----D---- C:\Program Files\MAMBMalwere
2009-11-30 00:12:40 ----D---- C:\Documents and Settings\radim\Data aplikací\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-23 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-26 1145728]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-10 1421312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-20 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-09 47360]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys []
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-08-25 8807424]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-04-12 639224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-10 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-07-11 362184]
S2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-07-11 3285704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 XVYLU;XVYLU; C:\DOCUME~1\radim\LOCALS~1\Temp\XVYLU.exe []
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#2 Post by meteorolog »

Good day :-)

use http://sweb.cz/Marinus/T-Cleaner.exe - to confirm, always press the A key or Enter, then restart the PC and repeat the procedure - all ComboFix components will be removed
(the utility may be flagged by the antivirus as a virus - delete it after use)

and post a new ComboFix log:

Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- After launching it, accept the terms of use
- Then follow the instructions; while ComboFix is running, do not click in the windows that appear
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt
- ComboFix must be run under an account with administrator rights

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#3 Post by rewer »

I used T-Cleaner and the ComboFix log is here, but I had to split it into two parts because it was too long.
Thank you.

ComboFix 09-12-28.05 - radim 29.12.2009 13:19:32.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.637 [GMT 1:00]
Spuštěný z: c:\documents and settings\radim\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 12:06 . 2009-12-29 12:08 -------- d-----w- C:\TCleanerOdstraneníistícíchUtilitzPC
2009-12-28 20:52 . 2009-12-28 20:52 -------- d-----w- c:\program files\trend micro
2009-12-25 14:04 . 2009-12-25 14:04 -------- d-----w- c:\program files\DIFX
2009-12-25 14:04 . 2009-12-26 16:45 -------- d-----w- c:\program files\Garmin
2009-12-25 14:04 . 2009-12-26 14:21 -------- d-----w- C:\Garmin
2009-12-21 22:21 . 2009-12-21 22:28 -------- d-----w- c:\program files\CCleaner
2009-12-13 00:09 . 2009-12-13 01:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 22:29 . 2009-12-13 01:07 -------- d-----w- c:\program files\JAVASUN
2009-12-12 22:13 . 2009-12-12 22:15 -------- d-----w- c:\program files\JavaObnovaVerzí
2009-12-12 21:47 . 2009-12-12 21:51 -------- d-----w- c:\program files\OTCcleaner
2009-12-12 20:27 . 2009-12-12 20:28 -------- d-----w- C:\HijackThis
2009-12-10 00:56 . 2009-12-10 01:14 -------- d-----w- c:\program files\GOMplayer
2009-12-09 00:10 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\71871562.sys
2009-12-09 00:10 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\7187156.sys
2009-12-09 00:10 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\71871561.sys
2009-12-08 18:24 . 2009-12-09 20:55 -------- d-----w- C:\UsbFix
2009-12-06 13:12 . 2009-12-06 15:41 -------- d-----w- c:\program files\RootkitRevealer
2009-12-06 09:23 . 2009-12-06 09:32 -------- d-----w- c:\program files\MobilePartner
2009-12-05 14:21 . 2009-12-28 13:51 -------- d-----w- c:\program files\Opera Turbo
2009-12-04 21:35 . 2009-12-04 21:35 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-04 19:20 . 2009-12-04 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-04 19:07 . 2009-12-04 19:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-04 12:14 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-12-04 12:14 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-12-04 12:14 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-04 12:14 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-12-02 10:17 . 2009-12-05 17:47 -------- d-----w- c:\program files\O2 Mobilni internet
2009-12-01 15:17 . 2009-12-01 15:17 -------- d-----w- c:\program files\directx
2009-12-01 14:57 . 2009-12-01 14:57 -------- d-----w- c:\program files\Nival Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 00:09 . 2007-11-21 11:01 -------- d-----w- c:\program files\Java
2009-12-12 14:03 . 2007-02-09 14:31 -------- d-----w- c:\program files\VLC Player
2009-12-10 11:25 . 2004-08-18 11:00 81034 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 11:25 . 2004-08-18 11:00 434234 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 13:43 . 2008-01-04 10:06 -------- d-----w- c:\program files\golm
2009-12-04 19:16 . 2009-10-16 14:09 -------- d-----w- c:\program files\SuperaAntiSpyWare
2009-11-30 11:32 . 2009-10-16 13:54 -------- d-----w- c:\program files\MAMBMalwere
2009-11-27 20:18 . 2009-11-27 20:17 -------- d-----w- c:\program files\MalwareBytes
2009-11-27 20:10 . 2009-11-27 20:10 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 23:54 . 2009-09-11 08:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-11 08:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-11 08:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-11 08:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-11 08:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-11 08:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-11 08:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-11 08:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-11 08:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-18 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 11:35 . 2009-11-21 11:33 -------- d-----w- c:\program files\DesetiPrsty
2009-11-19 11:37 . 2009-11-19 11:32 -------- d-----w- c:\program files\anonimizer TOR
2009-11-15 20:00 . 2009-11-15 19:57 -------- d-----w- c:\program files\INKSCAPEgrafika
2009-10-30 21:52 . 2007-04-12 08:32 -------- d-----w- c:\program files\FireFox
2009-10-29 05:26 . 2004-08-18 11:00 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2009-08-13 06:31 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 11:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 11:00 150016 ----a-w- c:\windows\system32\rastls.dll
2008-04-14 18:41 . 2008-04-14 18:41 1086613 ----a-w- c:\program files\PowerISO39.exe
2007-12-27 18:46 . 2007-12-27 18:45 1734996 ----a-w- c:\program files\free-ipod-video-converter.exe
2007-02-08 17:36 . 2007-02-08 17:36 11855 ----a-w- c:\program files\DCPlusPlus0694CZ.rar
2007-02-08 17:24 . 2007-02-08 16:46 4277889 ----a-w- c:\program files\sdc203.rar
2007-02-08 17:11 . 2007-02-08 17:11 1201644 ----a-w- c:\program files\wrar37b3.exe
2007-02-08 17:08 . 2007-02-08 17:07 2072464 ----a-w- c:\program files\tcmd7pb3.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2160840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\ComboFix [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2009-07-11 03:15 2160840 ----a-w- c:\program files\Tall Emu\Online Armor\oaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-09-09 03:20 88203 ----a-r- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-03-24 14:23 179200 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-07-08 15:01 1953887 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 00:03 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-16 20:54 339968 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20.6.2008 17:34 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20.6.2008 17:34 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\oanet.sys [20.6.2008 17:34 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [13.8.2009 10:51 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [20.6.2008 17:34 3285704]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:34 639224]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [4.12.2009 22:35 23600]
S3 XVYLU;XVYLU;c:\docume~1\radim\LOCALS~1\Temp\XVYLU.exe --> c:\docume~1\radim\LOCALS~1\Temp\XVYLU.exe [?]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {CFFB196D-329C-46D0-8BCD-E32B9DD0022C} = 217.195.160.10,217.195.165.131
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VLC Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#4 Post by rewer »

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 13:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\drivers\mqac.sys 91776 bytes executable
c:\windows\system32\drivers\nwlnknb.sys 63232 bytes executable
c:\windows\system32\drivers\oprghdlr.sys 3456 bytes executable
c:\windows\system32\drivers\rawwan.sys 34432 bytes executable
c:\windows\system32\drivers\secdrv.sys 20480 bytes executable
c:\windows\system32\drivers\sptd.sys 639224 bytes executable
c:\windows\system32\drivers\usbd.sys 4736 bytes executable
c:\windows\system32\drivers\wadv09nt.sys 11871 bytes executable
c:\windows\system32\drivers\1394bus.sys 53376 bytes executable
c:\windows\system32\drivers\7187156.sys 315408 bytes executable
c:\windows\system32\drivers\71871561.sys 128016 bytes executable
c:\windows\system32\drivers\71871562.sys 37392 bytes executable

sken byl úspešně dokončen
skryté soubory: 1065

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-507921405-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,6e,22,45,a7,0c,3c,94,8d,ed,49,35,f2,ae,94,4d,3f,bc,ff,0a,a8,a6,f4,
1a,8d,e2,19,f5,0c,85,79,8f,5a,34,f5,5e,1c,16,4d,21,82,f0,28,ed,23,e5,26,d2,\
"??"=hex:33,11,23,de,0b,d9,1f,29,a6,ce,2a,8b,3d,1b,54,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(428)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1928)
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\program files\matrjoska spliter\MatroskaSplitter\mmfinfo.dll
c:\program files\matrjoska spliter\MatroskaSplitter\mkunicode.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-12-29 13:32:58
ComboFix-quarantined-files.txt 2009-12-29 12:32

Před spuštěním: 8 524 742 656
Po spuštění: 8 493 993 984

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 986542ECC410E4544B485BB8AE918D6E

meteorolog
Model visitor
Posts: 308
Joined: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#5 Post by meteorolog »

Uninstall Online Armor Firewall.

Scan these files at www.virustotal.com and post links to the results here:
c:\windows\system32\drivers\71871562.sys
c:\windows\system32\drivers\7187156.sys
c:\windows\system32\drivers\71871561.sys
"Life is life, a meadow is a meadow, you look into the grass – and you see a beetle."

"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#6 Post by rewer »

I turned Online Armor off during the scan; I wasn't sure whether to uninstall it completely and replace it with something else.

link: analisis/a3f8d9139142391d5f68aeb75a501243852a487f084f5aa75c03eb173d2b8935-1261861225
link: analisis/16b77fb533986ca6119f1307e52a4d0b863043c3fee572df20c0bc0115cf68d8-1261956849
link: analisis/d30daffafc29919c891c8952fc27890d735e4368c706ef452aa86b8b05cd7884-1261956820

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#7 Post by meteorolog »

You didn't actually test your own files, but never mind, they are fine.

I recommend uninstalling Online Armor completely and replacing it with a more reliable firewall, e.g. Zone Alarm :)

To uninstall Online Armor, use Revo Uninstaller - http://www.studna.cz/8117/systemove-nas ... installer/ then restart the PC and post a new log from Combofix.

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#8 Post by rewer »

ComboFix 09-12-28.05 - radim 29.12.2009 22:07:33.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.616 [GMT 1:00]
Spuštěný z: c:\documents and settings\radim\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 20:44 . 2009-11-22 14:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-29 20:44 . 2009-11-22 14:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-29 20:44 . 2009-11-22 14:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-29 20:44 . 2009-12-29 20:44 -------- d-----w- c:\program files\Zone Labs
2009-12-29 17:47 . 2009-12-29 17:47 -------- d-----w- c:\program files\Nová složka (2)
2009-12-29 17:35 . 2009-12-20 16:40 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-29 17:25 . 2009-12-29 17:35 -------- d-----w- c:\program files\RevoUninstaler
2009-12-29 12:06 . 2009-12-29 12:08 -------- d-----w- C:\TCleanerOdstraneníistícíchUtilitzPC
2009-12-28 20:52 . 2009-12-28 20:52 -------- d-----w- c:\program files\trend micro
2009-12-25 14:04 . 2009-12-25 14:04 -------- d-----w- c:\program files\DIFX
2009-12-25 14:04 . 2009-12-26 16:45 -------- d-----w- c:\program files\Garmin
2009-12-25 14:04 . 2009-12-26 14:21 -------- d-----w- C:\Garmin
2009-12-21 22:21 . 2009-12-21 22:28 -------- d-----w- c:\program files\CCleaner
2009-12-13 00:09 . 2009-12-13 01:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 22:29 . 2009-12-13 01:07 -------- d-----w- c:\program files\JAVASUN
2009-12-12 22:13 . 2009-12-12 22:15 -------- d-----w- c:\program files\JavaObnovaVerzí
2009-12-12 21:47 . 2009-12-12 21:51 -------- d-----w- c:\program files\OTCcleaner
2009-12-12 20:27 . 2009-12-12 20:28 -------- d-----w- C:\HijackThis
2009-12-10 00:56 . 2009-12-10 01:14 -------- d-----w- c:\program files\GOMplayer
2009-12-09 00:10 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\71871562.sys
2009-12-09 00:10 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\7187156.sys
2009-12-09 00:10 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\71871561.sys
2009-12-08 18:24 . 2009-12-09 20:55 -------- d-----w- C:\UsbFix
2009-12-06 13:12 . 2009-12-06 15:41 -------- d-----w- c:\program files\RootkitRevealer
2009-12-06 09:23 . 2009-12-06 09:32 -------- d-----w- c:\program files\MobilePartner
2009-12-05 14:21 . 2009-12-28 13:51 -------- d-----w- c:\program files\Opera Turbo
2009-12-04 21:35 . 2009-12-04 21:35 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-04 19:20 . 2009-12-04 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-04 19:07 . 2009-12-04 19:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-04 12:14 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-12-04 12:14 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-12-04 12:14 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-04 12:14 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-12-02 10:17 . 2009-12-05 17:47 -------- d-----w- c:\program files\O2 Mobilni internet
2009-12-01 15:17 . 2009-12-01 15:17 -------- d-----w- c:\program files\directx
2009-12-01 14:57 . 2009-12-01 14:57 -------- d-----w- c:\program files\Nival Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 21:05 . 2009-12-29 21:05 308645 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-29 20:44 . 2007-12-15 19:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-29 17:56 . 2007-12-15 19:19 -------- d-----w- c:\program files\ZoneAlarm
2009-12-13 00:09 . 2007-11-21 11:01 -------- d-----w- c:\program files\Java
2009-12-12 14:03 . 2007-02-09 14:31 -------- d-----w- c:\program files\VLC Player
2009-12-10 11:25 . 2004-08-18 11:00 81034 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 11:25 . 2004-08-18 11:00 434234 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 13:43 . 2008-01-04 10:06 -------- d-----w- c:\program files\golm
2009-12-04 19:16 . 2009-10-16 14:09 -------- d-----w- c:\program files\SuperaAntiSpyWare
2009-11-30 11:32 . 2009-10-16 13:54 -------- d-----w- c:\program files\MAMBMalwere
2009-11-27 20:18 . 2009-11-27 20:17 -------- d-----w- c:\program files\MalwareBytes
2009-11-27 20:10 . 2009-11-27 20:10 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 23:54 . 2009-09-11 08:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-11 08:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-11 08:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-11 08:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-11 08:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-11 08:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-11 08:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-11 08:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-11 08:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-18 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 11:35 . 2009-11-21 11:33 -------- d-----w- c:\program files\DesetiPrsty
2009-11-19 11:37 . 2009-11-19 11:32 -------- d-----w- c:\program files\anonimizer TOR
2009-11-15 20:00 . 2009-11-15 19:57 -------- d-----w- c:\program files\INKSCAPEgrafika
2009-10-30 21:52 . 2007-04-12 08:32 -------- d-----w- c:\program files\FireFox
2009-10-29 05:26 . 2004-08-18 11:00 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2009-08-13 06:31 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 11:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 11:00 150016 ----a-w- c:\windows\system32\rastls.dll
2008-04-14 18:41 . 2008-04-14 18:41 1086613 ----a-w- c:\program files\PowerISO39.exe
2007-12-27 18:46 . 2007-12-27 18:45 1734996 ----a-w- c:\program files\free-ipod-video-converter.exe
2007-02-08 17:36 . 2007-02-08 17:36 11855 ----a-w- c:\program files\DCPlusPlus0694CZ.rar
2007-02-08 17:24 . 2007-02-08 16:46 4277889 ----a-w- c:\program files\sdc203.rar
2007-02-08 17:11 . 2007-02-08 17:11 1201644 ----a-w- c:\program files\wrar37b3.exe
2007-02-08 17:08 . 2007-02-08 17:07 2072464 ----a-w- c:\program files\tcmd7pb3.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\ComboFix [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-09-09 03:20 88203 ----a-r- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-03-24 14:23 179200 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-07-08 15:01 1953887 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 00:03 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-16 20:54 339968 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.2.2007 10:58 20128]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:34 639224]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.12.2009 18:35 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [4.12.2009 22:35 23600]
S3 XVYLU;XVYLU;c:\docume~1\radim\LOCALS~1\Temp\XVYLU.exe --> c:\docume~1\radim\LOCALS~1\Temp\XVYLU.exe [?]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {CFFB196D-329C-46D0-8BCD-E32B9DD0022C} = 217.195.160.10,217.195.165.131
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VLC Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
MSConfigStartUp-@OnlineArmor GUI - c:\program files\Tall Emu\Online Armor\oaui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 22:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-507921405-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,6e,22,45,a7,0c,3c,94,8d,ed,49,35,f2,ae,94,4d,3f,bc,ff,0a,a8,a6,f4,
1a,8d,e2,19,f5,0c,85,79,8f,5a,34,f5,5e,1c,16,4d,21,82,f0,28,ed,23,e5,26,d2,\
"??"=hex:33,11,23,de,0b,d9,1f,29,a6,ce,2a,8b,3d,1b,54,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-12-29 22:15:15
ComboFix-quarantined-files.txt 2009-12-29 21:15
ComboFix2.txt 2009-12-29 12:33

Před spuštěním: 8 257 417 216
Po spuštění: 8 232 304 640

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 34058BF0A0354630E141513BF46A18C4

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#9 Post by meteorolog »

Open Notepad and copy the following text into it:
KillAll::
Driver::
XVYLU

File::
c:\docume~1\radim\LOCALS~1\Temp\XVYLU.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]

Extra::
Firefox::
FF - ProfilePath - FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
Save the file to the desktop as CFScript.txt and drag it onto ComboFix as shown in the picture.

[Image]

ComboFix will start and carry out the commands from the script - then post a new log.

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#10 Post by rewer »

ComboFix 09-12-28.05 - radim 30.12.2009 16:46:08.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.665 [GMT 1:00]
Spuštěný z: c:\documents and settings\radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\radim\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\docume~1\radim\LOCALS~1\Temp\XVYLU.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XVYLU
-------\Service_XVYLU


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-29 20:44 . 2009-11-22 14:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-29 20:44 . 2009-11-22 14:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-29 20:44 . 2009-11-22 14:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-29 20:44 . 2009-12-29 20:44 -------- d-----w- c:\program files\Zone Labs
2009-12-29 17:47 . 2009-12-29 17:47 -------- d-----w- c:\program files\Nová složka (2)
2009-12-29 17:35 . 2009-12-20 16:40 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-29 17:25 . 2009-12-29 17:35 -------- d-----w- c:\program files\RevoUninstaler
2009-12-29 12:06 . 2009-12-29 12:08 -------- d-----w- C:\TCleanerOdstraneníistícíchUtilitzPC
2009-12-28 20:52 . 2009-12-28 20:52 -------- d-----w- c:\program files\trend micro
2009-12-25 14:04 . 2009-12-25 14:04 -------- d-----w- c:\program files\DIFX
2009-12-25 14:04 . 2009-12-26 16:45 -------- d-----w- c:\program files\Garmin
2009-12-25 14:04 . 2009-12-26 14:21 -------- d-----w- C:\Garmin
2009-12-21 22:21 . 2009-12-21 22:28 -------- d-----w- c:\program files\CCleaner
2009-12-13 00:09 . 2009-12-13 01:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 22:29 . 2009-12-13 01:07 -------- d-----w- c:\program files\JAVASUN
2009-12-12 22:13 . 2009-12-12 22:15 -------- d-----w- c:\program files\JavaObnovaVerzí
2009-12-12 21:47 . 2009-12-12 21:51 -------- d-----w- c:\program files\OTCcleaner
2009-12-12 20:27 . 2009-12-12 20:28 -------- d-----w- C:\HijackThis
2009-12-10 00:56 . 2009-12-10 01:14 -------- d-----w- c:\program files\GOMplayer
2009-12-09 00:10 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\71871562.sys
2009-12-09 00:10 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\7187156.sys
2009-12-09 00:10 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\71871561.sys
2009-12-08 18:24 . 2009-12-09 20:55 -------- d-----w- C:\UsbFix
2009-12-06 13:12 . 2009-12-06 15:41 -------- d-----w- c:\program files\RootkitRevealer
2009-12-06 09:23 . 2009-12-06 09:32 -------- d-----w- c:\program files\MobilePartner
2009-12-05 14:21 . 2009-12-28 13:51 -------- d-----w- c:\program files\Opera Turbo
2009-12-04 21:35 . 2009-12-04 21:35 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-04 19:20 . 2009-12-04 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-04 19:07 . 2009-12-04 19:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-04 12:14 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-12-04 12:14 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-12-04 12:14 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-04 12:14 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-12-02 10:17 . 2009-12-05 17:47 -------- d-----w- c:\program files\O2 Mobilni internet
2009-12-01 15:17 . 2009-12-01 15:17 -------- d-----w- c:\program files\directx
2009-12-01 14:57 . 2009-12-01 14:57 -------- d-----w- c:\program files\Nival Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 15:54 . 2009-12-29 21:05 1129051 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-29 20:44 . 2007-12-15 19:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-29 17:56 . 2007-12-15 19:19 -------- d-----w- c:\program files\ZoneAlarm
2009-12-13 00:09 . 2007-11-21 11:01 -------- d-----w- c:\program files\Java
2009-12-12 14:03 . 2007-02-09 14:31 -------- d-----w- c:\program files\VLC Player
2009-12-10 11:25 . 2004-08-18 11:00 81034 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 11:25 . 2004-08-18 11:00 434234 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 13:43 . 2008-01-04 10:06 -------- d-----w- c:\program files\golm
2009-12-04 19:16 . 2009-10-16 14:09 -------- d-----w- c:\program files\SuperaAntiSpyWare
2009-11-30 11:32 . 2009-10-16 13:54 -------- d-----w- c:\program files\MAMBMalwere
2009-11-27 20:18 . 2009-11-27 20:17 -------- d-----w- c:\program files\MalwareBytes
2009-11-27 20:10 . 2009-11-27 20:10 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 23:54 . 2009-09-11 08:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-11 08:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-11 08:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-11 08:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-11 08:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-11 08:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-11 08:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-11 08:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-11 08:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-18 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 11:35 . 2009-11-21 11:33 -------- d-----w- c:\program files\DesetiPrsty
2009-11-19 11:37 . 2009-11-19 11:32 -------- d-----w- c:\program files\anonimizer TOR
2009-11-15 20:00 . 2009-11-15 19:57 -------- d-----w- c:\program files\INKSCAPEgrafika
2009-10-29 05:26 . 2004-08-18 11:00 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2009-08-13 06:31 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 11:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 11:00 150016 ----a-w- c:\windows\system32\rastls.dll
2008-04-14 18:41 . 2008-04-14 18:41 1086613 ----a-w- c:\program files\PowerISO39.exe
2007-12-27 18:46 . 2007-12-27 18:45 1734996 ----a-w- c:\program files\free-ipod-video-converter.exe
2007-02-08 17:36 . 2007-02-08 17:36 11855 ----a-w- c:\program files\DCPlusPlus0694CZ.rar
2007-02-08 17:24 . 2007-02-08 16:46 4277889 ----a-w- c:\program files\sdc203.rar
2007-02-08 17:11 . 2007-02-08 17:11 1201644 ----a-w- c:\program files\wrar37b3.exe
2007-02-08 17:08 . 2007-02-08 17:07 2072464 ----a-w- c:\program files\tcmd7pb3.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-09-09 03:20 88203 ----a-r- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-03-24 14:23 179200 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-07-08 15:01 1953887 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 00:03 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-16 20:54 339968 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.2.2007 10:58 20128]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.12.2009 18:35 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [4.12.2009 22:35 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:34 639224]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {CFFB196D-329C-46D0-8BCD-E32B9DD0022C} = 217.195.160.10,217.195.165.131
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VLC Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 16:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-507921405-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,6e,22,45,a7,0c,3c,94,8d,ed,49,35,f2,ae,94,4d,3f,bc,ff,0a,a8,a6,f4,
1a,8d,e2,19,f5,0c,85,79,8f,5a,34,f5,5e,1c,16,4d,21,82,f0,28,ed,23,e5,26,d2,\
"??"=hex:33,11,23,de,0b,d9,1f,29,a6,ce,2a,8b,3d,1b,54,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\o2flash.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-12-30 16:59:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-30 15:59
ComboFix2.txt 2009-12-29 21:15
ComboFix3.txt 2009-12-29 12:33

Před spuštěním: 8 145 653 760
Po spuštění: 8 067 883 008

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 122C78C51BD254606C995596DBD72C64

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#11 Post by meteorolog »

OK :)

run http://sweb.cz/Marinus/T-Cleaner.exe again - to confirm, always press the A key or Enter
(the utility may be flagged as a virus by your antivirus - delete it after use)

then CCleaner - the Cleaner and Registry sections - repeat the cleaning until all problems are removed

and finally ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:

after you run the downloaded file, a window appears:

(image)

tick Select All, click Empty Selected and then Exit

in the same way, clear the Firefox and Opera caches as well, if applicable :-)

restart the PC
"Life is life, a meadow is a meadow, you look into the grass – and you see a beetle."

"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#12 Post by rewer »

I used TCleaner, CCleaner and ATFCleaner according to the instructions and tried Firefox, which is fine so far, but Opera crashed within a short while.

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#13 Post by meteorolog »

Opera - did you really clear the whole cache with ATF Cleaner? Which version do you have, and does it show any error?

rewer
Visitor
Posts: 26
Registered: 09 Oct 2009 09:14

Re: Please check my log

#14 Post by rewer »

Opera and Firefox are both OK so far, so hopefully it will last. Thank you for the advice.

meteorolog
Exemplary visitor
Posts: 308
Registered: 07 Jan 2007 15:20
Location: Pardubice

Re: Please check my log

#15 Post by meteorolog »

You're welcome :)
