Greetings from a totally virus-ridden PC. Please check my log, thanks a lot!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:45, on 17.7.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ALWILS~1\AVAST32\avupdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\SYSTEM~1\ucookw.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\PROGRA~1\ALWILS~1\AVAST32\avServer.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\MsiExec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\DAP\DAP.EXE
D:\Documents and Settings\Hanz\Dokumenty\My Completed Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - D:\Program Files\Ygmugouu\bjgkabwa.dll (file missing)
O2 - BHO: (no name) - {32D2EB7E-88C7-41FB-99A8-B3ADF6D9917B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {888D24AA-A448-4389-A038-EB979973A6B8} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - D:\WINDOWS\system32\leaeodwt.dll (file missing)
O2 - BHO: (no name) - {97A7B3C6-6BB1-44FF-A43A-B5F25D9BAE83} - D:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - D:\WINDOWS\AutoUpdateWin31.dll (file missing)
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - D:\WINDOWS\system32\wvurqol.dll (file missing)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - D:\Program Files\E404 Helper\e404.v6.dll (file missing)
O2 - BHO: (no name) - {fa1f054f-1d44-4588-acfe-74c4d02bf45c} - D:\WINDOWS\system32\inetqcf.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WheelMouse] D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [startdrv] D:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ydcdmpgj] rundll32.exe "D:\Program Files\ydcdmpgj\ongzsxup.dll",Init
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win1019.tmp.exe
O4 - HKLM\..\Run: [dobmlwpc] regsvr32 /u "D:\Documents and Settings\All Users\Data aplikací\dobmlwpc.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] D:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [Local Security Authority Service] D:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Avast32] D:\PROGRA~1\ALWILS~1\AVAST32\ASTART32.EXE /keepserver
O4 - HKLM\..\Run: [Secure] D:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [SystemErrorFixer] D:\Program Files\SystemErrorFixer\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "D:\PROGRA~1\SYSTEM~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
O4 - HKLM\..\Run: [Windows Network Firewall] D:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Ultimate Defender] "D:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [286f5604] rundll32.exe "D:\WINDOWS\system32\rvpubnyi.dll",b
O4 - HKLM\..\Run: [Windows Explorer] D:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] D:\WINDOWS\system32\spooIsv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Spoolsv] D:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Ultimate Cleaner] "D:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] D:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4AC3F5F-8669-4A89-8441-6E5A35F1248D}: NameServer = 212.158.128.2,212.158.128.3
O20 - AppInit_DLLs: d:\windows\system32\vtsttqq.dll
O20 - Winlogon Notify: gebyw - D:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: inetqcf - inetqcf.dll (file missing)
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O20 - Winlogon Notify: wvurqol - wvurqol.dll (file missing)
O20 - Winlogon Notify: xxywwxw - xxywwxw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avast32 Start as Service - ALWIL Software - D:\Program Files\ALWIL Software\AVAST32\avserver.exe
O23 - Service: AvUpdSvc - ALWIL Software - D:\PROGRA~1\ALWILS~1\AVAST32\avupdsvc.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\xtfyehye.exe (file missing)
O23 - Service: DVD-RAM_Service - Unknown owner - D:\WINDOWS\system32\DVDRAMSV.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - D:\WINDOWS\system32\HPZipm12.exe (file missing)
--
End of file - 9032 bytes
Please check my log
- Baron Prášil
Yep, the black plague and smallpox.
Looks like those nasties ate all the security software, huh?
And some pathetic little utility from avast was supposed to save it?
Check whether the Windows firewall is running,
then use SDFix first:
Download SDFix
and run it; it will unpack into its own folder (probably C:\SDfix).
Then restart the PC into Safe Mode. Open the folder where SDFix was unpacked, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key and the computer will restart.
While the operating system is booting, you will have to press any key when prompted in order to enter Windows.
Once the OS has loaded, it should display the SDFix report, so copy it here. If it does not pop up, it is located in SDFix's own folder as Report.txt
and then
COMBOFIX
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log that will be displayed; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here + a new HijackThis log
so three logs, pls


ComboFix 08-03-04.2 - Soukup 2008-03-04 7:22:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.236 [GMT 1:00]
Running from: D:\Documents and Settings\Soukup\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Soukup\Oblíbené položky\Error Cleaner.url
D:\Documents and Settings\Soukup\Oblíbené položky\Privacy Protector.url
D:\Documents and Settings\Soukup\Oblíbené položky\Spyware&Malware Protection.url
.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.
2008-03-04 06:35 . 2008-03-04 07:19 <DIR> d-------- D:\SDFix
2008-02-28 16:34 . 2008-02-28 16:34 <DIR> d-------- D:\Program Files\Cenega Czech
2008-02-27 18:17 . 2008-02-27 20:16 <DIR> d-------- D:\Program Files\ICQToolbar
2008-02-27 18:15 . 2008-02-27 18:16 <DIR> d-------- D:\Program Files\hp LaserJet 1000
2008-02-27 18:12 . 2008-02-27 18:19 <DIR> d-------- D:\Program Files\ICQ6
2008-02-26 21:55 . 2008-02-26 21:55 51,253,788 --a------ D:\backreg.reg
2008-02-26 17:56 . 2008-02-26 17:56 <DIR> d-------- D:\Program Files\DivX
2008-02-26 17:24 . 2008-02-26 17:57 684 --a------ D:\WINDOWS\mozver.dat
2008-02-24 20:34 . 2008-02-24 20:34 <DIR> d-------- D:\Program Files\Sunbelt Software
2008-02-24 16:38 . 2008-02-24 16:38 241 --a------ D:\Documents and Settings\Soukup\SR.vbs
2008-02-24 10:51 . 2008-02-24 10:52 <DIR> d-------- D:\WINDOWS\ERUNT
2008-02-24 10:51 . 2008-03-04 07:01 <DIR> d-------- D:\Documents and Settings\Administrator\Plocha
2008-02-24 10:51 . 2004-07-17 01:29 <DIR> d--h----- D:\Documents and Settings\Administrator\Okolní tiskárny
2008-02-24 10:51 . 2004-07-17 01:29 <DIR> d--h----- D:\Documents and Settings\Administrator\Okolní síť
2008-02-24 10:51 . 2004-07-17 01:29 <DIR> d-------- D:\Documents and Settings\Administrator\Oblíbené položky
2008-02-24 10:51 . 2007-11-28 15:35 <DIR> d--h----- D:\Documents and Settings\Administrator\Šablony
2008-02-24 10:51 . 2004-07-17 01:29 <DIR> dr------- D:\Documents and Settings\Administrator\Nabídka Start
2008-02-24 10:51 . 2004-07-17 01:29 <DIR> d-------- D:\Documents and Settings\Administrator\Dokumenty
2008-02-24 10:51 . 2004-07-17 01:29 <DIR> dr-h----- D:\Documents and Settings\Administrator\Data aplikací
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ D:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ D:\WINDOWS\system32\ssldivx.dll
2008-02-14 20:05 . 2008-02-16 12:38 <DIR> d-------- D:\Program Files\EA GAMES
2008-02-10 18:19 . 2008-02-13 19:01 <DIR> d-------- D:\Program Files\Valve
2008-02-07 21:07 . 2008-02-23 11:14 14,688 --a------ D:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-07 19:01 . 2008-02-07 18:42 20,458 --------- D:\WINDOWS\hpoins01.dat.temp
2008-02-07 19:01 . 2003-04-07 06:40 16,622 --------- D:\WINDOWS\hpomdl01.dat.temp
2008-02-07 18:29 . 2008-02-07 18:42 20,458 --------- D:\WINDOWS\hpoins01.dat
2008-02-07 18:29 . 2003-04-07 06:40 16,622 --------- D:\WINDOWS\hpomdl01.dat
2008-02-07 18:06 . 2008-02-07 18:26 <DIR> d-------- D:\WINDOWS\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 06:20 --------- d-----w D:\Documents and Settings\Soukup\Data aplikací\OpenOffice.org2
2008-03-04 05:59 328 ----a-w D:\WINDOWS\system32\drivers\fwdrv.err
2008-02-29 13:54 --------- d-----w D:\Documents and Settings\Soukup\Data aplikací\uTorrent
2008-02-27 18:38 --------- d-----w D:\Documents and Settings\Soukup\Data aplikací\ICQ
2008-02-24 15:44 --------- d---a-w D:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-02-23 10:15 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-02-23 10:02 --------- d-----w D:\Program Files\Hewlett-Packard
2008-02-20 05:32 118,784 ----a-w D:\WINDOWS\Web\Wallpaper\iWallpaper_cz dir\uninstall.exe
2008-01-28 19:04 --------- d-----w D:\Program Files\EasyPHP1-8
2008-01-27 10:33 --------- d-----w D:\Program Files\Alwil Software
2008-01-27 08:06 98,304 ----a-w D:\WINDOWS\system32\cscript.exe
2008-01-26 12:58 --------- d-----w D:\Program Files\rajce
2008-01-24 18:14 --------- d-----w D:\Documents and Settings\Soukup\Data aplikací\PSpad
2008-01-24 17:50 --------- d-----w D:\Program Files\PSPad editor
2008-01-20 14:25 30,208 ----a-w D:\WINDOWS\system32\dplaysvr.exe
2008-01-19 16:58 --------- d-----w D:\Documents and Settings\Soukup\Data aplikací\Winamp
2008-01-19 16:56 --------- d-----w D:\Program Files\Winamp Remote
2008-01-19 16:56 --------- d-----w D:\Program Files\Winamp
2008-01-19 16:56 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Data aplikací\OrbNetworks
2008-01-19 16:55 103,936 ----a-w D:\WINDOWS\system32\logagent.exe
2008-01-19 16:27 18,944 ----a-w D:\WINDOWS\system32\ping.exe
2008-01-12 15:51 --------- d-----w D:\Program Files\Plane Arcade
2008-01-12 14:28 8,192 ----a-w D:\WINDOWS\system32\control.exe
2008-01-05 11:37 100,864 ----a-w D:\WINDOWS\system32\verifier.exe
2008-01-05 10:40 39,424 ----a-w D:\WINDOWS\system32\grpconv.exe
2008-01-02 09:32 10,752 ----a-w D:\WINDOWS\system32\doskey.exe
2007-12-30 18:17 3,072 ----a-w D:\WINDOWS\system32\fixmapi.exe
2007-12-26 09:06 29,184 ----a-w D:\WINDOWS\system32\mshta.exe
2007-12-26 09:06 123,904 ----a-w D:\WINDOWS\system32\mplay32.exe
2007-12-26 09:06 114,688 ----a-w D:\WINDOWS\system32\wscript.exe
2007-12-26 09:06 103,424 ----a-w D:\WINDOWS\system32\clipbrd.exe
2007-12-17 16:38 58,368 ----a-w D:\WINDOWS\system32\packager.exe
2007-12-15 08:48 13,312 ----a-w D:\WINDOWS\system32\savedump.exe
2007-12-12 20:02 15,872 ----a-w D:\WINDOWS\system32\comp.exe
2007-12-12 19:40 10,752 ----a-w D:\WINDOWS\system32\dumprep.exe
2007-12-12 19:37 737,280 ----a-w D:\WINDOWS\iun6002.exe
2007-12-12 12:59 15,360 ----a-w D:\WINDOWS\system32\ctfmon.exe
2007-12-09 16:11 0 ---ha-w D:\Documents and Settings\Hanz\hpothb07.dat
2007-12-09 16:01 5,632 ----a-w D:\WINDOWS\system32\write.exe
2007-12-09 15:59 69,632 ----a-w D:\WINDOWS\NOTEPAD.EXE
2007-12-08 18:01 3,072 ----a-w D:\WINDOWS\system32\systray.exe
2007-12-08 17:53 65,024 ----a-w D:\WINDOWS\SOUNDMAN.EXE
2007-12-08 17:53 5,870,592 ----a-w D:\WINDOWS\system32\RTLCPL.EXE
2007-12-08 17:52 208,896 ------w D:\WINDOWS\alcupd.exe
2007-12-08 17:52 139,264 ------w D:\WINDOWS\alcrmv.exe
2007-12-08 06:54 23,040 ----a-w D:\WINDOWS\system32\fltmc.exe
2007-12-07 16:59 137,216 ----a-w D:\WINDOWS\system32\taskmgr.exe
2007-12-07 12:35 283,648 ----a-w D:\WINDOWS\winhlp32.exe
2007-12-07 01:08 660,480 ----a-w D:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w D:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
.
------- Sigcheck -------
dfba2915b0bf58abb288cd4c9318cb3f D:\WINDOWS\system32\svchost.exe
----a-w 14,336 2006-03-02 12:00:00 D:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2006-03-02 12:00:00 D:\WINDOWS\system32\dllcache\svchost.exe
43240b12d220f30c7c75ea69b2e806b0 D:\WINDOWS\system32\user32.dll
----a-w 577,024 2005-03-02 18:21:07 D:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
----a-w 578,048 2007-03-08 15:51:38 D:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 577,024 2006-03-02 12:00:00 D:\WINDOWS\$NtUninstallKB890859$\user32.dll
-c----w 577,024 2005-03-02 18:18:13 D:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 577,536 2007-03-08 15:38:40 D:\WINDOWS\system32\user32.dll
-c--a-w 577,536 2007-03-08 15:38:40 D:\WINDOWS\system32\dllcache\user32.dll
382e9b87f1282e697c67af84e34e35e2 D:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2006-03-02 12:00:00 D:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2006-03-02 12:00:00 D:\WINDOWS\system32\dllcache\ws2_32.dll
221c29ae1b4cc61d11d8b27de78b2307 D:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2006-03-02 12:00:00 D:\WINDOWS\system32\winlogon.exe
-c--a-w 502,272 2006-03-02 12:00:00 D:\WINDOWS\system32\dllcache\winlogon.exe
558635d3af1c7546d26067d5d9b6959e D:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2006-03-02 12:00:00 D:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2006-03-02 12:00:00 D:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 D:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2006-03-02 12:00:00 D:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2006-03-02 12:00:00 D:\WINDOWS\system32\drivers\ip6fw.sys
6bfe34d49626ccf7bc24e345b364e28f D:\WINDOWS\explorer.exe
----a-w 1,033,728 2007-11-30 12:52:53 D:\WINDOWS\explorer.exe
----a-w 1,033,728 2007-11-30 12:52:53 D:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,032,704 2007-11-29 19:50:35 D:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 1,033,728 2007-11-30 12:52:53 D:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-12 13:59 15360]
"Orb"="D:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-19 17:56 495616]
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2007-12-08 18:53 65024 D:\WINDOWS\SOUNDMAN.EXE]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-01-19 17:56 37376]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-12-12 13:59 15360]
D:\Documents and Settings\Soukup\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 05:43:54 393216]
D:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-09 16:59:25 113664]
hp psc 1000 series.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Counter Strike\\hl.exe"=
"D:\\totalcmd\\TOTALCMD.EXE"=
"D:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
R1 fwdrv;Firewall Driver;D:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;D:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;D:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S0 UNPR;UNPR;D:\WINDOWS\system32\unpr.sys []
S1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
S3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 02:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 21:14:30 D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204060415.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-04 05:43:49 D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204609396.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 07:26:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-04 7:28:35
ComboFix-quarantined-files.txt 2008-03-04 06:28:29
.
2008-02-14 05:19:23 --- E O F ---
D:\Documents and Settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-09 16:59:25 113664]
hp psc 1000 series.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Counter Strike\\hl.exe"=
"D:\\totalcmd\\TOTALCMD.EXE"=
"D:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
R1 fwdrv;Firewall Driver;D:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;D:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;D:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S0 UNPR;UNPR;D:\WINDOWS\system32\unpr.sys []
S1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
S3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 02:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 21:14:30 D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204060415.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-04 05:43:49 D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204609396.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 07:26:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-04 7:28:35
ComboFix-quarantined-files.txt 2008-03-04 06:28:29
.
2008-02-14 05:19:23 --- E O F ---
SDFix: Version 1.152
Run by Administrator on Łt 04.03.2008 at 07:02
Microsoft Windows XP [Verze 5.1.2600]
Running From: D:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 07:16:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="D:\WINDOWS\cursors\arrow_r.cur,D:\WINDOWS\cursors\help_r.cur,D:\WINDOWS\cursors\wait_r.cur,D:\WINDOWS\cursors\busy_r.cur,D:\WINDOWS\cursors\cross_r.cur,D:\WINDOWS\cursors\beam_r.cur,D:\WINDOWS\cursors\pen_r.cur,D:\WINDOWS\cursors\no_r.cur,D:\WINDOWS\cursors\size4_r.cur,D:\WINDOWS\cursors\size3_r.cur,D:\WINDOWS\cursors\size2_r.cur,D:\WINDOWS\cursors\size1_r.cur,D:\WINDOWS\cursors\move_r.cur,D:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="D:\WINDOWS\cursors\arrow_rm.cur,D:\WINDOWS\cursors\help_rm.cur,D:\WINDOWS\cursors\wait_rm.cur,D:\WINDOWS\cursors\busy_rm.cur,D:\WINDOWS\cursors\cross_rm.cur,D:\WINDOWS\cursors\beam_rm.cur,D:\WINDOWS\cursors\pen_rm.cur,D:\WINDOWS\cursors\no_rm.cur,D:\WINDOWS\cursors\size4_rm.cur,D:\WINDOWS\cursors\size3_rm.cur,D:\WINDOWS\cursors\size2_rm.cur,D:\WINDOWS\cursors\size1_rm.cur,D:\WINDOWS\cursors\move_rm.cur,D:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="D:\WINDOWS\cursors\arrow_rl.cur,D:\WINDOWS\cursors\help_rl.cur,D:\WINDOWS\cursors\wait_rl.cur,D:\WINDOWS\cursors\busy_rl.cur,D:\WINDOWS\cursors\cross_rl.cur,D:\WINDOWS\cursors\beam_rl.cur,D:\WINDOWS\cursors\pen_rl.cur,D:\WINDOWS\cursors\no_rl.cur,D:\WINDOWS\cursors\size4_rl.cur,D:\WINDOWS\cursors\size3_rl.cur,D:\WINDOWS\cursors\size2_rl.cur,D:\WINDOWS\cursors\size1_rl.cur,D:\WINDOWS\cursors\move_rl.cur,D:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\??\\D:\\WINDOWS\\system32\\winlogon.exe"="\\??\\D:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"D:\\Counter Strike\\hl.exe"="D:\\Counter Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\totalcmd\\TOTALCMD.EXE"="D:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="D:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\\Program Files\\ICQ6\\ICQ.exe"="D:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ Library"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\Valve\\hl.exe"="D:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"="D:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Thu 24 Jan 2008 85,946 A..H. --- "D:\Documents and Settings\Soukup\Local Settings\Temp\BIT1.tmp"
Thu 24 Jan 2008 85,946 A..H. --- "D:\Documents and Settings\Soukup\Local Settings\Temp\BIT2.tmp"
Mon 28 Jan 2008 0 A..H. --- "D:\Documents and Settings\Soukup\Local Settings\Temp\BIT65.tmp"
Sun 27 Jan 2008 0 A..H. --- "D:\Documents and Settings\Soukup\Local Settings\Temp\BIT865.tmp"
Thu 24 Jan 2008 85,946 A..H. --- "D:\Documents and Settings\Soukup\Local Settings\Temp\BIT87B.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:41, on 4.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Winamp\winampa.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\PROGRA~1\ICQ6\ICQ.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
C:\Documents and Settings\Hanz\Dokumenty\My Completed Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\system32\wdfmgr.exe (file missing)
--
End of file - 5567 bytes
- Baron Prášil
All right then, first I'll send you the less infected one. They're probably not connected in any way; I simply installed XP separately on each disk and I switch between them at system startup.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:59, on 5.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Winamp\winampa.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\Program Files\ICQ6\ICQ.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hanz\Dokumenty\My Completed Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\system32\wdfmgr.exe (file missing)
--
End of file - 5553 bytes
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{8727F33D-39B0-4413-83F7-34F74770603C}: NameServer = 212.158.128.2,212.158.128.3
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\system32\wdfmgr.exe (file missing)
--
End of file - 5553 bytes
This system wouldn't boot even in safe mode; when I disabled automatic restart on system failure, an error message appeared: unmountable_boot_volume, and it wouldn't let me go any further, supposedly to keep the computer from being destroyed. So I booted the second system, messed around a bit here and there, and after a restart the first one came up just fine...