
PC virus removal, computer speed-up, remote help via the neslape.cz service
Thanks for the check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Thanks for the check
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:29 on 10/03/2010 by Administrátor Petr (Administrator - Elevation successful)
========== filefind ==========
Searching for "Sunbelt.*"
No files found.
========== regfind ==========
Searching for "Sunbelt"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Sunbelt Software"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Sunbelt Software"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="Sunbelt Software"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Sunbelt Software]
[HKEY_CURRENT_USER\Software\Sunbelt Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E452D170-E253-48BF-B13F-B88CB6548DD3}\Ndi]
"HelpText"="Sunbelt Software Firewall NDIS IM Filter"
[HKEY_USERS\.DEFAULT\Software\Sunbelt Software]
[HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Sunbelt Software"
[HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Sunbelt Software"
[HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="Sunbelt Software"
[HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Sunbelt Software]
[HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Sunbelt Software]
[HKEY_USERS\S-1-5-18\Software\Sunbelt Software]
========== folderfind ==========
Searching for "Sunbelt"
No folders found.
-=End Of File=-
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Thanks for the check

REGEDIT4
[-HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Sunbelt Software]
[-HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\Sunbelt Software]
[-HKEY_USERS\S-1-5-18\Software\Sunbelt Software]
[-HKEY_USERS\.DEFAULT\Software\Sunbelt Software]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Sunbelt Software]
[-HKEY_CURRENT_USER\Software\Sunbelt Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software]
Re: Thanks for the check
I QUOTE
---------------------------
Editor registru
---------------------------
Do registru byly úspěšně uloženy informace, obsažené v C:\Documents and Settings\Administrátor Petr\Plocha\smazani.reg.
---------------------------
OK
---------------------------
Re: Thanks for the check
It still doesn't work; I'll try restarting the machine after the cleanup.
Re: Thanks for the check

- Extract it and run it, click the Drivers tab, then click Scan.
- When the scan finishes, click Save Report to save the log, then copy it here.
Re: Thanks for the check
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/10 18:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB7E6E000 Size: 188288 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA9220000 Size: 138496 File Visible: - Signed: -
Status: -
Name: ajgz0wsa.SYS
Image Path: C:\WINDOWS\System32\Drivers\ajgz0wsa.SYS
Address: 0xB69BC000 Size: 233472 File Visible: - Signed: -
Status: -
Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xB6A33000 Size: 4017536 File Visible: - Signed: -
Status: -
Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xB81A8000 Size: 57344 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7E00000 Size: 98304 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB8746000 Size: 3072 File Visible: - Signed: -
Status: -
Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xA910E000 Size: 328576 File Visible: - Signed: -
Status: -
Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xB14C2000 Size: 21120 File Visible: - Signed: -
Status: -
Name: avgrkx86.sys
Image Path: avgrkx86.sys
Address: 0xB85B0000 Size: 5888 File Visible: - Signed: -
Status: -
Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xA926A000 Size: 101888 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xB84C0000 Size: 16384 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB863C000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB1E0C000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB82B8000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xB80F8000 Size: 53248 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xB84BC000 Size: 10240 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xB80E8000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xB7E18000 Size: 153856 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xB85AE000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB8308000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xB8570000 Size: 16384 File Visible: No Signed: -
Status: -
Name: dump_viamraid.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_viamraid.sys
Address: 0xB648E000 Size: 61440 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB58A2000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB87F2000 Size: 4096 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xB8480000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xAA64E000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xB44BD000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xB7DE0000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB8644000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB7E3E000 Size: 125184 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB1DEC000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB44FD000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA976F000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA7D1D000 Size: 265728 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB8318000 Size: 52096 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB82A8000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA915F000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA92DC000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xB80A8000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB8488000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA6AE7000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB6EE5000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB7DB7000 Size: 92928 File Visible: - Signed: -
Status: -
Name: L8042Kbd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
Address: 0xB7CAB000 Size: 13568 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB8654000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB36D7000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA9763000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xB80B8000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA859A000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA9185000 Size: 455424 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xB36FF000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8198000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB58B2000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xB7CE3000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB7CFD000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB7CA3000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA9773000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB67E0000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB8288000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xAA65E000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA9242000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xB36F7000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7D2A000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA9C40000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000 Size: 6361088 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB6FCA000 Size: 10276768 File Visible: - Signed: -
Status: -
Name: nvmpu401.sys
Image Path: C:\WINDOWS\system32\drivers\nvmpu401.sys
Address: 0xB7CA7000 Size: 10240 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB6851000 Size: 80000 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xB8330000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xB85BA000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xB7E5D000 Size: 68736 File Visible: - Signed: -
Status: -
Name: PCI_PNP0862
Image Path: \Driver\PCI_PNP0862
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xB8670000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: point32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\point32.sys
Address: 0xB8490000 Size: 21760 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB6A0F000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB67B0000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB36E7000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xB8108000 Size: 35712 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xAB310000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB8148000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB8168000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8178000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB36DF000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA91F5000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB8656000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB0CF5000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB82C8000 Size: 58496 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6C32000 Size: 49152 File Visible: No Signed: -
Status: -
Name: Rtnicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Address: 0xB69F5000 Size: 104320 File Visible: - Signed: -
Status: -
Name: SbFw.sys
Image Path: C:\WINDOWS\system32\drivers\SbFw.sys
Address: 0xA92EF000 Size: 265472 File Visible: - Signed: -
Status: -
Name: sbfwim.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sbfwim.sys
Address: 0xB1E1C000 Size: 60160 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB7E9C000 Size: 98304 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB7CAF000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB8188000 Size: 64256 File Visible: - Signed: -
Status: -
Name: snpstd3.sys
Image Path: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Address: 0xA8760000 Size: 10148480 File Visible: - Signed: -
Status: -
Name: spel.sys
Image Path: spel.sys
Address: 0xB7EB4000 Size: 995328 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xB7DCE000 Size: 73344 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA8376000 Size: 353792 File Visible: - Signed: -
Status: -
Name: StarOpen.SYS
Image Path: C:\WINDOWS\System32\Drivers\StarOpen.SYS
Address: 0xB36EF000 Size: 24576 File Visible: - Signed: -
Status: -
Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xB64BE000 Size: 53248 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB863E000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB35EC000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9283000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB8498000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB35BC000 Size: 40704 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB0BF7000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xB54C3000 Size: 60032 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xB14BA000 Size: 32128 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB8666000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB8410000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB82D8000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB6E6E000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xB8408000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB3707000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp1.sys
Image Path: viaagp1.sys
Address: 0xB8338000 Size: 27904 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xB85AC000 Size: 5376 File Visible: - Signed: -
Status: -
Name: viamraid.sys
Image Path: viamraid.sys
Address: 0xB80D8000 Size: 60928 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB6F40000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xB80C8000 Size: 52480 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xAA62E000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xB83A8000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA855D000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xB85AA000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB87F2000 Size: 4096 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xB8480000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xAA64E000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xB44BD000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xB7DE0000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB8644000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB7E3E000 Size: 125184 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB1DEC000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB44FD000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA976F000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA7D1D000 Size: 265728 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB8318000 Size: 52096 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB82A8000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA915F000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA92DC000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xB80A8000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB8488000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA6AE7000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB6EE5000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB7DB7000 Size: 92928 File Visible: - Signed: -
Status: -
Name: L8042Kbd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
Address: 0xB7CAB000 Size: 13568 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB8654000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB36D7000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA9763000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xB80B8000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA859A000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA9185000 Size: 455424 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xB36FF000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8198000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB58B2000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xB7CE3000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB7CFD000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB7CA3000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA9773000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB67E0000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB8288000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xAA65E000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA9242000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xB36F7000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7D2A000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA9C40000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000 Size: 6361088 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB6FCA000 Size: 10276768 File Visible: - Signed: -
Status: -
Name: nvmpu401.sys
Image Path: C:\WINDOWS\system32\drivers\nvmpu401.sys
Address: 0xB7CA7000 Size: 10240 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB6851000 Size: 80000 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xB8330000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xB85BA000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xB7E5D000 Size: 68736 File Visible: - Signed: -
Status: -
Name: PCI_PNP0862
Image Path: \Driver\PCI_PNP0862
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xB8670000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: point32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\point32.sys
Address: 0xB8490000 Size: 21760 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB6A0F000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB67B0000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB36E7000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xB8108000 Size: 35712 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xAB310000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB8148000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB8168000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8178000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB36DF000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA91F5000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB8656000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB0CF5000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB82C8000 Size: 58496 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6C32000 Size: 49152 File Visible: No Signed: -
Status: -
Name: Rtnicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Address: 0xB69F5000 Size: 104320 File Visible: - Signed: -
Status: -
Name: SbFw.sys
Image Path: C:\WINDOWS\system32\drivers\SbFw.sys
Address: 0xA92EF000 Size: 265472 File Visible: - Signed: -
Status: -
Name: sbfwim.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sbfwim.sys
Address: 0xB1E1C000 Size: 60160 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB7E9C000 Size: 98304 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB7CAF000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB8188000 Size: 64256 File Visible: - Signed: -
Status: -
Name: snpstd3.sys
Image Path: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Address: 0xA8760000 Size: 10148480 File Visible: - Signed: -
Status: -
Name: spel.sys
Image Path: spel.sys
Address: 0xB7EB4000 Size: 995328 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xB7DCE000 Size: 73344 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA8376000 Size: 353792 File Visible: - Signed: -
Status: -
Name: StarOpen.SYS
Image Path: C:\WINDOWS\System32\Drivers\StarOpen.SYS
Address: 0xB36EF000 Size: 24576 File Visible: - Signed: -
Status: -
Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xB64BE000 Size: 53248 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB863E000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB35EC000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9283000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB8498000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB35BC000 Size: 40704 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB0BF7000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xB54C3000 Size: 60032 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xB14BA000 Size: 32128 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB8666000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB8410000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB82D8000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB6E6E000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xB8408000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB3707000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp1.sys
Image Path: viaagp1.sys
Address: 0xB8338000 Size: 27904 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xB85AC000 Size: 5376 File Visible: - Signed: -
Status: -
Name: viamraid.sys
Image Path: viamraid.sys
Address: 0xB80D8000 Size: 60928 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB6F40000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xB80C8000 Size: 52480 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xAA62E000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xB83A8000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA855D000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xB85AA000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2068224 File Visible: - Signed: -
Status: -
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Thanks for the check

- Open Notepad and copy the text from the white box into it.
Code:
Driver::
SbFw
File::
C:\WINDOWS\system32\drivers\SbFw.sys
- Save the TXT file you created as CFScript.txt on the desktop.
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.
- After it has been applied, another log will pop out; paste it here.
After completing this step, try installing the firewall (the internet may not work).
Re: Thanks for the check
I already have the firewall installed.
ComboFix 10-03-11.06 - Administrátor Petr 12.03.2010 20:48:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1487 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrátor Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrátor Petr\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SBFW
-------\Service_SbFw
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.
2010-03-11 15:03 . 2010-03-11 15:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-10 16:21 . 2010-03-10 16:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-08 19:08 . 2010-03-11 15:02 -------- d-----w- c:\program files\VS Revo Group
2010-03-08 18:54 . 2010-03-08 18:56 -------- d-----w- c:\program files\RegCleaner
2010-03-08 18:41 . 2010-03-08 19:02 48 ----a-w- c:\windows\rafazon.bat
2010-03-08 18:41 . 2010-03-08 18:41 -------- d---a-w- C:\rafazon
2010-03-07 11:02 . 2010-03-07 11:23 -------- d-----w- C:\$AVG8.VAULT$
2010-03-06 11:27 . 2010-03-06 23:40 -------- d-----w- c:\program files\Samsung
2010-03-05 18:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-03 16:23 . 2010-03-11 15:02 -------- d-----w- c:\program files\ConMet
2010-03-02 21:11 . 2010-03-02 21:11 -------- d-----w- c:\program files\DIFX
2010-03-02 21:11 . 2010-03-02 21:11 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-02 19:20 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-03-02 19:20 . 2003-02-21 17:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-02 19:19 . 2007-05-02 10:11 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2010-03-02 19:19 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2010-03-02 19:19 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2010-03-02 19:19 . 2007-05-02 10:11 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2010-03-02 19:19 . 2007-05-02 10:11 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2010-03-02 19:19 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2010-03-02 19:19 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2010-03-02 19:19 . 2010-03-11 15:02 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-03-02 19:19 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-03-01 20:17 . 2010-03-01 20:17 0 ----a-w- c:\windows\nsreg.dat
2010-02-24 14:57 . 2010-02-24 14:57 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-17 19:44 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-02-17 19:44 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 15:02 . 2010-01-11 20:20 -------- d-----w- c:\program files\trend micro
2010-03-08 12:55 . 2010-01-15 15:51 -------- d-----w- c:\program files\CCleaner
2010-03-04 22:35 . 2001-10-25 12:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 22:35 . 2001-10-25 12:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 21:10 . 2010-01-10 19:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-25 20:27 . 2010-01-10 19:31 -------- d-----w- c:\program files\Google
2010-02-24 13:15 . 2010-01-13 07:47 -------- d-----w- c:\program files\Electronic Arts
2010-02-15 20:34 . 2010-02-15 20:33 -------- d-----w- c:\program files\DivX
2010-02-15 20:33 . 2010-02-15 20:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-10 19:24 . 2010-02-03 16:51 -------- d-----w- c:\program files\Tolerance Data
2010-02-08 19:00 . 2010-02-08 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 20:37 . 2010-02-02 20:37 -------- d-----w- c:\program files\Common Files\Java
2010-02-02 20:36 . 2010-01-11 13:42 -------- d-----w- c:\program files\Java
2010-01-31 14:27 . 2010-01-13 17:36 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-31 14:27 . 2010-01-13 07:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-29 18:42 . 2010-01-23 09:51 -------- d-----w- c:\program files\QuickTime
2010-01-29 18:41 . 2010-01-29 18:41 -------- d-----w- c:\program files\Common Files\Apple
2010-01-29 18:41 . 2010-01-29 18:41 -------- d-----w- c:\program files\Apple Software Update
2010-01-29 15:17 . 2010-01-29 15:11 26074 ----a-w- c:\windows\War3Unin.dat
2010-01-29 15:11 . 2010-01-29 15:11 2829 ----a-w- c:\windows\War3Unin.pif
2010-01-29 15:11 . 2010-01-29 15:11 126976 ----a-w- c:\windows\War3Unin.exe
2010-01-22 18:19 . 2010-01-10 19:42 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-21 19:39 . 2010-01-21 19:39 -------- d-----w- c:\program files\Pet Soccer
2010-01-20 20:16 . 2010-01-11 16:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 19:43 . 2010-01-18 19:19 -------- d-----r- c:\program files\Rapget.RS_Public_v1.0.4.0_cz
2010-01-18 19:31 . 2010-01-18 19:31 -------- d-----w- c:\program files\Reference Assemblies
2010-01-16 21:18 . 2010-01-16 21:17 -------- d-----w- c:\program files\WinPcap
2010-01-16 21:17 . 2010-01-16 21:17 -------- d-----w- c:\program files\SaveTubeVideo.com
2010-01-16 08:11 . 2010-01-10 18:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-16 08:11 . 2010-01-10 18:39 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-16 08:11 . 2010-01-10 18:40 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-16 07:32 . 2010-01-16 07:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-15 17:44 . 2010-01-15 17:37 -------- d-----w- c:\program files\Canon
2010-01-15 17:41 . 2010-01-15 17:41 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-01-15 17:41 . 2010-01-15 17:41 -------- d-----w- c:\program files\ScanSoft
2010-01-15 17:38 . 2010-01-15 17:38 -------- d--h--w- c:\program files\CanonBJ
2010-01-15 16:04 . 2010-01-15 16:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 15:16 . 2010-01-12 20:20 -------- d-----w- c:\program files\Microsoft Works
2010-01-13 20:28 . 2010-01-13 20:28 -------- d-----w- c:\program files\Zoner
2010-01-13 17:36 . 2010-01-13 17:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-13 07:47 . 2010-01-13 07:47 1180 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-01-13 07:40 . 2010-01-13 07:40 -------- d-----w- c:\program files\EA Games
2010-01-12 20:20 . 2010-01-12 20:20 -------- d-----w- c:\program files\MSBuild
2010-01-12 20:19 . 2010-01-12 20:19 -------- d-----w- c:\program files\Microsoft.NET
2010-01-12 19:07 . 2010-01-12 19:07 -------- d-----w- c:\program files\MSXML 4.0
2010-01-12 19:05 . 2010-01-12 19:05 -------- d-----w- c:\program files\APC
2010-01-12 14:52 . 2010-01-12 14:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-12 14:52 . 2010-01-12 14:52 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-12 11:03 . 2010-01-11 16:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 11:03 . 2010-01-11 16:31 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 11:03 . 2010-01-10 19:11 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 11:03 . 2010-01-10 19:10 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 11:03 . 2010-01-10 19:10 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 11:03 . 2010-01-10 19:10 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 11:03 . 2010-01-10 19:10 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 11:03 . 2010-01-10 19:10 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 11:03 . 2009-06-10 17:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 11:03 . 2009-06-10 17:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 11:03 . 2009-06-10 17:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 20:32 . 2010-01-11 20:32 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-11 20:31 . 2010-01-11 20:32 737280 ----a-w- c:\windows\iun6002.exe
2010-01-11 20:27 . 2010-01-11 20:25 -------- d-----w- c:\program files\ICQ6.5
2010-01-11 20:20 . 2010-01-11 20:20 781909 ----a-w- C:\RSIT.exe
2010-01-11 20:14 . 2010-01-11 20:13 -------- d-----w- c:\program files\Common Files\Nero
2010-01-11 20:13 . 2010-01-11 20:13 -------- d-----w- c:\program files\Nero
2010-01-11 16:48 . 2010-01-11 16:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-11 13:10 . 2010-01-10 19:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-11 13:10 . 2010-01-10 19:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-11 13:10 . 2010-01-10 19:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-11 13:10 . 2010-01-10 19:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-11 13:10 . 2010-01-10 19:15 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-10 18:37 . 2010-01-10 18:37 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-07 15:07 . 2010-02-08 19:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-08 19:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:58 . 2008-08-08 15:43 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2008-08-08 15:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2008-08-08 15:43 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 16:14 . 2010-01-11 13:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 07:42 . 2010-01-10 18:36 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
------- Sigcheck -------
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-11 2043160]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-03-09 4095488]
"nwiz"="nwiz.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-1-12 221247]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\ovladače\Obrázky přihlašovací obrazovka\ms_rainbow_li\ms-rainbow\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-11 13:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Counter Strike 1.6 HD NonSteam\\hl.exe"=
"c:\\Program Files\\SaveTubeVideo.com\\SaveTubeVideo\\downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10.1.2010 20:15 12552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.1.2010 15:52 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10.1.2010 20:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10.1.2010 20:15 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11.1.2010 14:10 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.1.2010 14:10 297752]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [17.2.2010 20:44 65576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.1.2010 12:32 135664]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 TVICHW32;TVICHW32;\??\c:\windows\system32\DRIVERS\TVICHW32.SYS --> c:\windows\system32\DRIVERS\TVICHW32.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-01-11 13:11]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:32]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0631F743-D27D-44E8-9921-33739151F79E} = 192.168.1.1,0.0.0.0
FF - ProfilePath - c:\documents and settings\Administrátor Petr\Data aplikací\Mozilla\Firefox\Profiles\kp4wlv32.default\
FF - component: c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\components\swslib.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
Toolbar-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 20:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89BE91F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21
SendHandler -> NDIS.sys @ 0xb7cfd87b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1004336348-1993962763-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,73,aa,95,fa,bb,fd,09,8c,38,1b,7c,5d,49,8f,53,bb,ba,e6,14,78,b0,50,
84,d5,d8,43,97,a3,7f,db,e8,9d,ef,23,7e,f2,ca,20,71,eb,79,eb,cf,d2,7c,31,62,\
"??"=hex:59,e0,69,9d,02,82,e7,3d,1c,88,17,20,57,71,d4,cd
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2156)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 20:57:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 19:57
ComboFix2.txt 2010-03-09 20:57
ComboFix3.txt 2010-03-09 15:09
Před spuštěním: Volných bajtů: 416 570 863 616
Po spuštění: Volných bajtů: 416 542 310 400
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - AC4FC734674CBE42C2790580A05E9BDA


- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Thanks for the check


- Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
- Choose the Uninstall option and restart the PC.


- A small window will pop up; copy this into it:
Code:
"%userprofile%\plocha\mbr" -t
- Click OK.
- A log named mbr.log will be created; paste it here.

Re: Thanks for the check
After uninstalling Daemon Tools and downloading SPTD, it throws this error:
---------------------------
C:\Documents and Settings\Administrátor Petr\Plocha\SPTDinst-v162-x86.exe
---------------------------
C:\Documents and Settings\Administrátor Petr\Plocha\SPTDinst-v162-x86.exe není platná aplikace typu Win32.
---------------------------
OK
---------------------------
- Caroprd111
Re: Thanks for the check
Skip SPTD and use the following program instead. The remaining steps are the same.
Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe

- Click "Disable" and restart the PC.
Re: Thanks for the check
Now I'm not sure whether I did it right; I downloaded the last program you gave me.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:49 on 14/03/2010 (Administrátor Petr)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-