PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

suspenzor

https://pc-help.cnews.cz/viewtopic.php?f=47&t=23577

Stránka 1 z 2

suspenzor

Napsal: 31 led 2008 22:48
od psitlapa
dobrý večer,měl bych na vás prosbu podobného charakteru jako výše-dostal se mi do počítače mě to hází na suspenzorpc a vyhrožuje,že mi zničí počítač.jinak pc je děsivě pomalý a dělá si co chce-což já nechci.kdyby mi někdo poradil,byl bych opravdu rád,díky

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Ahead\InCD\InCDsrv.exe
C:\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Winamp\winampa.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ICQ\ICQ.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Michal\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SXG Advisor - {EFA7CBC8-4CCD-4ACB-969D-007123ADF44A} - C:\WINDOWS\dntpkwodws.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\WINDOWS\ekxdvft.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Windows Compliant] nxfzrl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{45C2CE5F-C7DC-405D-9094-4146A7DF3F4E}: NameServer = 194.228.41.65 194.228.41.113
O21 - SSODL: bgrlsmn - {6945B024-B939-41C7-BA7E-729D1E51FAC4} - C:\WINDOWS\bgrlsmn.dll
O21 - SSODL: adsoowf - {01E37D6D-9EA8-402B-8100-E7F8D53E89E3} - C:\WINDOWS\adsoowf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9058 bytes

Napsal: 31 led 2008 23:18
od Baron Prášil
vítej na fóru PC-HELP :bigups: a pamatuj-vlastní problém,vlastní téma :wink:

použij smitfraudfix
Stáhni si SmitFraudFix (by S!Ri)

Restartuj PC do nouzového režimu:
Spustíš SmitFraudFix - objeví se modrá obrazovka aplikace a stiskni libovolnou klávesu, tím se dostaneš do menu.
Zde zvol volbu číslo 2
Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.

Pak restartuj PC do normálního režimu, vlož sem z něho log který najdeš v souboru na C:\rapport.txt

a poté udělej a pošli log z COMBOFIXu
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

jeden antivir odinstaluj!

Napsal: 31 led 2008 23:45
od psitlapa
bezva,díky,hned na to vlítnu

suspenzor

Napsal: 01 úno 2008 00:47
od psitlapa
tak tydy je ten výpi,každopádně zatim to vypadá v pohodě,nic na mě neskáče,takže mockrát díky

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.txt
C:\WINDOWS\dat.txt

----- BITS: Possible infected sites -----

hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02.01 )))))))))))))))))))))))))))))))
.

2008-01-31 23:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-31 23:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-31 23:29 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-31 23:29 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-31 23:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-31 23:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-31 23:29 . 2008-01-31 23:29 3,572 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-29 20:00 . 2008-01-29 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-01-27 12:59 . 2008-01-27 12:59 <DIR> d-------- C:\Program Files\MediaEntertainmentCodec
2008-01-23 18:39 . 2008-01-31 19:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 18:39 . 2008-01-23 18:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 17:25 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-01-20 17:25 . 2003-03-25 05:49 152,064 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-15 19:25 . 2003-04-16 17:39 136,192 --a------ C:\WINDOWS\system32\3ivx.dll
2008-01-15 19:25 . 2003-05-15 00:38 27,136 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-01-15 19:25 . 2003-05-16 00:12 318 --a------ C:\WINDOWS\system32\3ivx.ico
2008-01-13 22:19 . 2007-02-02 16:40 71,040 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-01-13 12:34 . 2003-05-03 01:07 154,112 --a------ C:\WINDOWS\system32\iviaudio.ax
2008-01-13 10:41 . 2008-01-31 23:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-13 10:24 . 2008-01-13 10:24 <DIR> d-------- C:\Documents and Settings\Michal\Data aplikací\Bitdefender
2008-01-12 23:59 . 2008-01-29 19:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 23:48 . 2008-01-12 23:48 <DIR> d-------- C:\EVEREST Home Edition
2008-01-12 23:41 . 2008-01-12 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 20:49 --------- d-----w C:\Program Files\GetRight
2008-01-16 00:11 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-01-16 00:09 --------- d-----w C:\Program Files\EA SPORTS
2008-01-12 22:39 --------- d-----w C:\Documents and Settings\Michal\Data aplikací\Lavasoft
2008-01-07 14:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-25 14:03 --------- d-----w C:\Documents and Settings\Michal\Data aplikací\Sony Ericsson
2007-12-25 13:56 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-24 14:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 18:38 232,033 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8859.exe
2007-12-21 18:38 --------- d-----w C:\Program Files\Burn4Free Toolbar
2007-12-21 18:04 --------- d-----w C:\Documents and Settings\Michal\Data aplikací\Acoustica
2007-12-20 20:37 --------- d-----w C:\Documents and Settings\Michal\Data aplikací\Zoner
2007-12-04 16:36 90,112 ----a-w C:\npqtplugin5.dll
2007-12-04 16:36 90,112 ----a-w C:\npqtplugin4.dll
2007-12-04 16:36 90,112 ----a-w C:\npqtplugin3.dll
2007-12-04 16:36 90,112 ----a-w C:\npqtplugin2.dll
2007-12-04 16:36 90,112 ----a-w C:\npqtplugin.dll
2007-11-14 04:57 223,744 ----a-w C:\WINDOWS\system32\b4fm.dll
2007-02-26 16:36 448 ----a-w C:\Program Files\INSTALL.LOG
2006-02-06 13:47 19,552 ----a-w C:\Documents and Settings\Michal\Data aplikací\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2007-12-21 19:38 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA7CBC8-4CCD-4ACB-969D-007123ADF44A}]
C:\WINDOWS\dntpkwodws.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}
{E5CBFDFA-6B88-4C04-AC4C-C6875D808503}

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{e5cbfdfa-6b88-4c04-ac4c-c6875d808503}]
[HKEY_CLASSES_ROOT\ekxdvft.1]
[HKEY_CLASSES_ROOT\TypeLib\{0F9D5910-A1D2-489F-BE36-8C3260B8AE76}]
[HKEY_CLASSES_ROOT\ekxdvft]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2007-12-21 19:38 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"NVIEW"="nview.dll" [2003-01-01 02:18 823365 C:\WINDOWS\system32\nview.dll]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]
"BitComet"="C:\BitComet\BitComet.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-01-01 02:18 4493312]
"nwiz"="nwiz.exe" [2003-01-01 02:18 323584 C:\WINDOWS\system32\nwiz.exe]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Ahead\InCD\InCD.exe" [2003-06-03 10:54 1130546]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 09:08 172032]
"HPHUPD05"="C:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 15:51 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-05-05 06:15 491520]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"DeviceDiscovery"="C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 20:31 36975]
"WinampAgent"="C:\Winamp\winampa.exe" [2006-03-10 18:45 35328]
"Mirabilis ICQ"="C:\ICQ\ICQNet.exe" [2003-10-14 17:36 38984]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-11-21 15:58 286720]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-10-11 17:22 49152]
"ashMaiSv"="C:\ALWILS~1\Avast4\ashmaisv.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows logging"="winlogd.exe" []
"ATI VIDEO REGKEY"="ati2vid.exe" []
"Windows Compliant"="nxfzrl.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-24 01:26:55 113664]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-12 22:02:28 962663]
Exif Launcher 2.lnk - C:\FinePixViewer\QuickDCF2.exe [2007-07-03 10:50:34 294912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2004-07-20 12:48 3210752 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\System32\Drivers\fwdrv.sys [2002-04-15 12:28]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S0 msdscprv;msdscprv;C:\WINDOWS\System32\drivers\njmhsvng.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 19:59:07 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 23:50:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
.

Napsal: 01 úno 2008 01:21
od Baron Prášil
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\Process.exe

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA7CBC8-4CCD-4ACB-969D-007123ADF44A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows logging"=-
"ATI VIDEO REGKEY"=-
"Windows Compliant"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek
- Automaticky se spustí ComboFix
-------------------------------------------
jestli je to ok a bude to ok,tak už log z comba neposílej,ale pošli ještě log z hijackthis

suspenzor

Napsal: 01 úno 2008 02:19
od psitlapa
tak se to zdá v pohodě,zachránils mě.zejtra za tebe asi oůjdu zapálit svíčku:).ne fakt,díky

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Ahead\InCD\InCDsrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michal\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SXG Advisor - {EFA7CBC8-4CCD-4ACB-969D-007123ADF44A} - C:\WINDOWS\dntpkwodws.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\WINDOWS\ekxdvft.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Windows Compliant] nxfzrl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{45C2CE5F-C7DC-405D-9094-4146A7DF3F4E}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8222 bytes

Napsal: 01 úno 2008 02:28
od Baron Prášil
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O2 - BHO: SXG Advisor - {EFA7CBC8-4CCD-4ACB-969D-007123ADF44A} - C:\WINDOWS\dntpkwodws.dll (file missing)
O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\WINDOWS\ekxdvft.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Windows Compliant] nxfzrl.exe

je třeba odinstalovat jeden antivir!

poté ještě jeden log z hijackthis,pls

Napsal: 01 úno 2008 02:36
od psitlapa
tak odfixováno,akorát toho antiviru se nemůžu zbavit,avast bych si asi nechal a bitdefender už sem zkoušel vyhodit mnohokrát a furt z něj zbejvaj nějaký torza..

Napsal: 01 úno 2008 02:38
od psitlapa
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Ahead\InCD\InCDsrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Vypínač na dobrou noc\Vypnout.exe
C:\Documents and Settings\Michal\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{45C2CE5F-C7DC-405D-9094-4146A7DF3F4E}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7856 bytes

Napsal: 01 úno 2008 02:46
od Baron Prášil
Bitdefender Uninstal Tool

log je bez šmejdů :wink:

Napsal: 01 úno 2008 02:49
od psitlapa
ještě poslední věc,myslíš že avast je v pohodě nebo se vyplatí stáhnout něco účinnějšího?třeba nod

Napsal: 01 úno 2008 02:52
od Baron Prášil
použil jsi ten uninstall tool?

k tomu nodu
http://www.pc-help.cz/viewtopic.php?p=135231#135231
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/