prosim o kontrolu logu....dekuji

[petrsev]

naskakuje mi hlaska chyba v aplikaci drwtsn32.exe musim tu aplikaci zavrit pres spravce uloh a pote se mi komp znovu rozjede jinak se uplne sekne nevite nekdo co s tim mam delat dekuji

zde prikladam svuj log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:25, on 23.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Comodo AntiSpam\CAS32.exe
C:\Documents and Settings\SERP\Plocha\programs\killbox\KillBox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\SERP\Plocha\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.quick.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\Comodo\Comodo AntiSpam\CAS32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A59BAA3-0ABE-4728-B0DB-C42FDBC99959}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 3925 bytes

[Reklama]

[Jakub SAFE]

Dobry den,
fixnete v Hijacku toto:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru

pote spuste SLUZBY (start-ovladaci panely-nastroje pro spravu-sluzby) tam najdete aplikaci drwtsn32.exe kliknete na ni pravym tlacitkem mysi a dejte vlastnosti,tam nastavte typ spousteni zakano!!!!Potom stahnete vsechyn aktualizace(windows.antivr,spyware,java atd.).Pote stahnete combo fix a udelejte s nim scan http://download.bleepingcomputer.com/sUBs/ComboFix.exe 1.nainstalujte
2.udeljete scan(restartuje se pc)
3.po naskoceni pc se ukaze log z Combofixu,nebo
ulozeny na disku C:
tento log vlozte sem.Nakonec vycistete pc CCleanerem http://www.stahuj.centrum.cz/utility_a_ ... ownload/?g[hledano]=ccleaner&g[oz]=2.03.532
a projedte pc anitivirakem
HODNe STESTI

[petrsev]

zdarec dik za odpoved delal sem vse podle tvojich instrukci ale nenasel sem ve sluzbach aplikaci drwtsn32 tedka mi to haze jinou hlasku ale jenom kdyz najedu do slozky kde mam stahnute filmy pres ftp od kamose je mozne ze tam je nejaky vir testoval sem tuslozku nodem a ale nic to nenaslo tak nevim

nynejsi hlaska :

v aplikaci explorer.exe doslo k problemu a je ji treba zavrit

oznaceni chyby:
AppName: explorer.exe AppVer: 6.0.2900.2180 ModName: xvid.dll
ModVer: 0.0.0.0 Offset: 00048ec8

zde je log z combofixu:

ComboFix 07-12-21.4 - SERP 2007-12-23 23:21:28.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.696 [GMT 1:00]
Running from: C:\Documents and Settings\SERP\Plocha\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\vorbis.dll
C:\WINDOWS\system32\ogg.dll


((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-23 17:00 . 2007-12-23 17:00 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 19:52 . 2007-12-22 19:52 <DIR> d-------- C:\Program Files\Trustix
2007-12-22 19:52 . 2007-12-22 19:52 <DIR> d-------- C:\Documents and Settings\SERP\Data aplikací\Comodo
2007-12-22 19:40 . 2007-12-22 19:40 <DIR> d-------- C:\Program Files\Comodo
2007-12-22 13:47 . 2007-12-22 13:47 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-21 12:06 . 2007-12-21 12:05 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-12-13 21:59 . 2007-12-13 21:59 <DIR> d-------- C:\Program Files\iTunes
2007-12-13 21:59 . 2007-12-13 21:59 <DIR> d-------- C:\Program Files\iPod
2007-12-13 21:59 . 2007-12-20 06:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 21:59 . 2007-12-13 21:59 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 21:58 . 2007-12-13 21:58 <DIR> d-------- C:\Program Files\QuickTime
2007-12-13 21:56 . 2007-12-13 21:56 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-06 00:22 . 2007-12-06 00:22 <DIR> d-------- C:\Documents and Settings\SERP\Data aplikací\Yahoo!
2007-12-06 00:21 . 2007-12-21 11:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 00:21 . 2007-12-13 20:42 <DIR> d-------- C:\Program Files\DivX
2007-12-04 22:36 . 2007-12-04 22:36 <DIR> d-------- C:\Program Files\SAGEM
2007-12-04 22:26 . 2007-12-04 22:26 <DIR> d-------- C:\Documents and Settings\SERP\Data aplikací\MSN6
2007-12-04 22:26 . 2007-12-04 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 20:14 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-21 11:05 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2007-12-18 06:10 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-18 06:10 --------- d-----w C:\Program Files\AdVantage
2007-12-17 20:05 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-12-15 15:12 --------- d-----w C:\Documents and Settings\SERP\Data aplikací\Bioshock
2007-12-10 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 21:36 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-02 16:50 --------- d-----w C:\Program Files\X-Trader 4 XTB
2007-12-02 16:48 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 07:53 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-19 07:27 --------- d-----w C:\Program Files\THQ
2007-11-09 11:49 --------- d-----w C:\Program Files\id Software
2007-11-08 08:27 --------- d-----w C:\Program Files\Google
2007-11-06 19:57 --------- d-----w C:\Program Files\Stardock
2007-11-06 19:57 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-06 16:40 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-11-06 16:18 --------- d-----w C:\Program Files\Valve
2007-11-06 16:05 --------- d-----w C:\Program Files\Skype
2007-10-30 21:41 --------- d-----w C:\Documents and Settings\SERP\Data aplikací\AdobeUM
2007-10-29 10:32 --------- d-----w C:\Program Files\AC3Filter
2007-10-23 11:19 --------- d-----w C:\Program Files\2kgames12
2007-10-23 11:14 --------- d-----w C:\Documents and Settings\SERP\Data aplikací\InstallShield Installation Information
2007-10-08 08:20 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 12:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]

R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52fb04c3-eda9-11db-a1de-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 20:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 23:22:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
Completion time: 2007-12-23 23:22:53
C:\ComboFix2.txt ... 2007-12-23 23:09

[Jakub SAFE]

Neraď uživateli aby odstraňoval soubor, který patří k systému. fredik.

[Jakub SAFE]

Ok a omlouvam se.Diky za upozoreni!!!!!!

Tak si stahni SDFix a projed nim pocitac http://www.viry.cz/forum/viewtopic.php?t=40395

podle tohoto navodu..........


Log hod sem.....

[fredik]

Tvůj problém není problém virový.

Mrkni se sem: XviD.dll freezes/crashes and causes Windows Explorer to close

[petrsev]

stahl sem nejnovejsi xvid a nainstaloval ale porad to haze tu hlasku jo dik za rady a stastne vesele

zde je log z sdfix:


SDFix: Version 1.119

Run by SERP on po 24.12.2007 at 16:18

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 16:21:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ae,df,f9,c4,53,b7,57,6c,8e,1a,03,05,37,d5,e5,c0,3b,1d,b1,e4,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,a3,bf,d9,be,88,bb,6d,0a,a5,78,b4,36,ba,d8,26,3f,8b,11,ba,d8,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,3e,79,c0,37,8b,e0,86,ea,7e,60,73,fe,6e,c1,ac,f0,..
"khjeh"=hex:c0,78,a1,17,90,0b,04,e0,03,02,4c,77,04,ff,e0,46,a3,a7,e7,f4,08,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a6,3d,67,7e,46,ff,30,10,cd,e5,e6,12,eb,72,24,00,2c,88,a6,d2,23,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,a3,bf,d9,be,88,bb,6d,0a,a5,78,b4,36,ba,d8,26,3f,8b,11,ba,d8,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,3e,79,c0,37,8b,e0,86,ea,7e,60,73,fe,6e,c1,ac,f0,..
"khjeh"=hex:7b,ae,a7,50,32,85,02,89,37,6d,d1,a9,fb,f6,fb,81,b9,d1,4a,ef,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,df,b1,45,14,cc,d6,94,c8,65,26,f4,71,df,9e,d9,8a,80,48,cc,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:07,f0,dc,ee,54,39,bf,71,fd,4a,e0,91,06,76,67,c1,cc,12,43,a9,d6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,a3,bf,d9,be,88,bb,6d,0a,a5,78,b4,36,ba,d8,26,3f,8b,11,ba,d8,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,3e,79,c0,37,8b,e0,86,ea,7e,60,73,fe,6e,c1,ac,f0,..
"khjeh"=hex:7b,ae,a7,50,32,85,02,89,37,6d,d1,a9,fb,f6,fb,81,b9,d1,4a,ef,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,df,b1,45,14,cc,d6,94,c8,65,26,f4,71,df,9e,d9,8a,80,48,cc,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:07,f0,dc,ee,54,39,bf,71,fd,4a,e0,91,06,76,67,c1,cc,12,43,a9,d6,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 7 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 15 Dec 2007 8,961 ...HR --- "C:\Documents and Settings\SERP\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Tue 7 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\SERP\Plocha\hudba\Nov slo§ka\Nov slo§ka\License Backup\drmv1key.bak"
Tue 7 Aug 2007 20 A..H. --- "C:\Documents and Settings\SERP\Plocha\hudba\Nov slo§ka\Nov slo§ka\License Backup\drmv1lic.bak"
Mon 23 Apr 2007 312 A.SH. --- "C:\Documents and Settings\SERP\Plocha\hudba\Nov slo§ka\Nov slo§ka\License Backup\drmv2key.bak"

Finished!

[Jakub SAFE]

Tak promin ale jinak newim.....

[zlobyl]

Jedná se o diagnostický program pro shromažďování informací o chybách, ale jako běžný uživatel ho ztěží využiješ, a tak bys ho mohl i zakázat.

http://support.microsoft.com/kb/188296/cs