There's a virus on it and I can't connect to the internet.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:53, on 12.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\WINDOWS\system32\drivers\DllSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Učebna\c4m2m9o4vp9.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atcomp.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\DllSrv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.atcomp.cz
O23 - Service: DllSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DllSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
--
End of file - 5504 bytes
Please check, virus (Solved)
- alenka_v_říši_divů
- Level 6
- Posts: 3201
- Registered: February 09
- Location: Brno
Re: Please check, virus
Hi.... try testing the files DllSrv.exe and c4m2m9o4vp9.exe at http://www.virustotal.com
Re: Please check, virus
But I can't get online from that PC. It reports something about a disk missing in Windows. And it can't be killed.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43339
- Registered: June 07
- Location: Jižní Čechy
Re: Please check, virus
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Code: Select all
@echo off
sc stop DllSrv
sc delete DllSrv
exit
Choose File -> Save As... and set these parameters:
File name: type here: FixServices.bat
Save as type: select All Files there
Save the file to the desktop.
Double-click the file FixServices.bat. A window will open and close; that is normal.
Restart the PC.
*****************************************************************************************************************************************
In safe mode, delete: C:\WINDOWS\system32\drivers\DllSrv.exe
Close other applications and browsers, disconnect from the internet and fix in HJT:
Code: Select all
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\DllSrv.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
You did uninstall Symantec last time, but you didn't get another antivirus.
If the internet then works for you (or bring it over on a flash drive or a CD):
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
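
The following is an added example, not part of any forum post and not HijackThis's own logic: a small triage pass over lines from the HijackThis log in this thread, showing why the entries for the two files the replies single out (DllSrv.exe and c4m2m9o4vp9.exe) stand out. The heuristics and the names `triage`, `odd_location` and `group_by_path` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\DllSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Učebna\c4m2m9o4vp9.exe
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\DllSrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: DllSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DllSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
"""

# Assumed heuristics: places where a user-mode .exe is not normally found.
DRIVERS_EXE = re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+\.exe$")
PROFILE_ROOT_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$")
SECTION_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def normalize(path):
    """Lower-case a path and expand %windir% so the same file compares equal."""
    return path.strip().strip('"').lower().replace("%windir%", r"c:\windows")


def odd_location(path):
    """Return a reason if an executable sits where programs normally do not."""
    if DRIVERS_EXE.match(path):
        return r".exe in system32\drivers (normally holds .sys drivers)"
    if PROFILE_ROOT_EXE.match(path):
        return "executable directly in the root of a user profile"
    return None


def triage(log_text):
    """Return (section, path, reason) tuples in the order they appear in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_LINE.match(line)
        if match is None:
            # Lines without a section code are the "Running processes" list.
            if BARE_PATH.match(line):
                path = normalize(line)
                reason = odd_location(path)
                if reason:
                    findings.append(("running", path, reason))
            continue
        code, rest = match.groups()
        if code == "F2" and "Shell=" in rest:
            # The Shell value should name Explorer.exe only; anything after it
            # is started together with the desktop at every logon.
            shell, _, extra = rest.split("Shell=", 1)[1].partition(" ")
            if extra.strip():
                findings.append(("F2", normalize(extra),
                                 "Shell value starts a program in addition to " + shell))
        elif code == "O23":
            # Format: "Service: <name> - <owner> - <image path>"
            parts = rest.rsplit(" - ", 2)
            if len(parts) == 3:
                owner, path = parts[1], normalize(parts[2])
                reason = odd_location(path)
                # "Unknown owner" alone is weak: the SMART Web Server line has it too.
                if reason:
                    if owner == "Unknown owner":
                        reason += ", owner shown as Unknown owner"
                    findings.append(("O23", path, reason))
    return findings


def group_by_path(findings):
    """Map each flagged file to the log sections that reference it."""
    grouped = defaultdict(list)
    for section, path, _reason in findings:
        grouped[path].append(section)
    return dict(grouped)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, path, reason in results:
        print(f"{section:8} {path}\n         {reason}")
    for path, sections in group_by_path(results).items():
        print(f"{path}: referenced from {', '.join(sections)}")
```

A file that shows up as a running process, in the Shell value and as a service at the same time has three independent ways to restart, which is why the reply removes the service, the F2 entry and the file itself rather than only one of them.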
Re: Please check, virus
That's a slightly different computer. This one is a day old, and before I put an antivirus on it, some good soul plugged in a flash drive with trojans.
I'm on it.
Re: Please check, virus
I did the first part; the problem is that it won't start in safe mode. After F8 it gives me a choice of boot device, either HDD or CDROM; I pick the first, and I tried all 3 safe mode options, and each time there is just a black screen with a blinking cursor for a long time. The computer I'm writing this on, in turn, runs on the internet for about 5 minutes and then that's it. Well, a flash drive with viruses, I carry it back and forth. I'll then need to clean this one too :-(
edit: Shall I try running ComboFix in normal mode?
Last time that Symantec couldn't even be uninstalled (it wanted a password); it's on some network so that nobody can do anything with it, supposedly)
Re: Please check, virus
ComboFix 09-03-10.03 - Učebna 2009-03-12 17:00:30.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2038.1655 [GMT 1:00]
Spuštěný z: c:\documents and settings\Učebna\Plocha\ComboFix.exe
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-12 do 2009-03-12 )))))))))))))))))))))))))))))))
.
2009-03-12 16:20 . 2009-03-12 16:20 <DIR> d--hs---- C:\FOUND.000
2009-03-12 12:25 . 2009-03-12 12:25 <DIR> d-------- c:\program files\Trend Micro
2009-03-12 11:27 . 2009-03-12 16:17 744,960 --a------ c:\documents and settings\Učebna\c4m2m9o4vp9.exe
2009-03-12 11:27 . 2009-03-12 16:17 744,960 --a------ c:\documents and settings\Učebna\c4m2m9o4vp9.exe
2009-03-12 11:24 . 2009-03-12 11:24 744,960 -r-hs---- c:\windows\system32\drivers\DllSrv.exe
2009-03-12 11:23 . 2009-03-12 16:35 35,885 --a------ c:\documents and settings\Učebna\g6l5k37g5s7.exe
2009-03-12 11:23 . 2009-03-12 16:35 35,885 --a------ c:\documents and settings\Učebna\g6l5k37g5s7.exe
2009-03-12 11:22 . 2009-03-12 12:05 670,720 --a------ c:\documents and settings\Učebna\kz7r4h3l1z6h2.exe
2009-03-12 11:22 . 2009-03-12 12:05 670,720 --a------ c:\documents and settings\Učebna\kz7r4h3l1z6h2.exe
2009-03-12 11:21 . 2009-03-12 11:21 <DIR> dr-hs---- C:\RESTORE
2009-03-11 11:57 . 2009-03-11 12:14 69 --a------ c:\windows\NeroDigital.ini
2009-03-11 11:54 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-11 11:54 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2009-03-11 11:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-11 11:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2009-03-11 11:43 . 2009-03-11 11:43 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\SMART Technologies Inc
2009-03-11 11:43 . 2009-03-11 11:43 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\SMART Technologies
2009-03-11 11:43 . 2003-02-14 19:14 110,592 --a------ c:\windows\system32\tsccvid.dll
2009-03-11 11:42 . 2009-03-11 11:42 <DIR> d-------- c:\program files\SMART Technologies
2009-03-11 11:42 . 2009-03-11 11:42 <DIR> d-------- c:\program files\Common Files\SMART Technologies
2009-03-11 11:42 . 2009-03-11 11:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SMART Technologies
2009-03-11 11:33 . 2009-03-11 11:33 <DIR> d-------- c:\program files\Common Files\snpstd3
2009-03-11 11:32 . 2009-03-11 11:33 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\InstallShield
2009-03-11 11:24 . 2009-03-05 14:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\Nero
2009-03-11 11:24 . 2009-03-05 14:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\Nero
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d-------- c:\documents and settings\Učebna\Plocha
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d-------- c:\documents and settings\Učebna\Plocha
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní tiskárny
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní tiskárny
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní síť
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní síť
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Oblíbené položky
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Oblíbené položky
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Šablony
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Šablony
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr------- c:\documents and settings\Učebna\Nabídka Start
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr------- c:\documents and settings\Učebna\Nabídka Start
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Dokumenty
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Dokumenty
2009-03-11 11:24 . 2009-03-05 14:46 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\Nero
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr-h----- c:\documents and settings\Učebna\Data aplikací
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr-h----- c:\documents and settings\Učebna\Data aplikací
2009-03-11 11:24 . 2009-03-11 11:24 <DIR> d-------- c:\documents and settings\Učebna
2009-03-11 11:20 . 2009-03-11 11:20 8,192 --a------ c:\windows\REGLOCS.OLD
2009-03-05 14:56 . 2009-03-05 14:56 <DIR> d--hs---- C:\Recycled
2009-03-05 14:56 . 2009-03-05 14:56 333 --a------ c:\windows\system32\$ncsp$.inf
2009-03-05 14:56 . 2009-03-05 14:56 61 --a------ c:\windows\smscfg.ini
2009-03-05 14:53 . 2001-10-24 11:54 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-05 14:53 . 2001-10-24 11:54 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-03-05 14:53 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-05 14:53 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2009-03-05 14:48 . 2009-03-05 14:48 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-05 14:48 . 2009-03-05 14:48 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-05 14:46 . 2009-03-05 14:46 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Nero
2009-03-05 14:45 . 2009-03-05 14:45 <DIR> d-------- c:\program files\Nero
2009-03-05 14:45 . 2009-03-05 14:45 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-05 14:45 . 2009-03-05 14:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2009-03-05 14:41 . 2009-03-05 14:41 <DIR> d-------- c:\program files\Realtek
2009-03-05 14:41 . 2009-03-05 14:41 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-05 14:40 . 2009-03-05 14:40 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-05 14:40 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-03-05 13:26 . 2008-04-14 08:52 75,264 --a------ c:\windows\system32\usbui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 11:54 --------- d-----w c:\program files\Reference Assemblies
2009-03-05 11:54 --------- d-----w c:\program files\MSBuild
2009-03-05 11:46 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-03-05 11:46 --------- d-----w c:\documents and settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-03-05 11:43 --------- d-----w c:\program files\Microsoft Works
2009-03-05 11:42 --------- d-----w c:\program files\Microsoft.NET
2009-03-05 11:41 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-05 11:36 --------- d-----w c:\program files\microsoft frontpage
2009-03-05 11:36 --------- d-----w c:\program files\Digimax
2009-03-05 11:36 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 11:32 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-05 11:31 --------- d-----w c:\program files\Intel
2008-12-13 06:39 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-07-31 9618728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
R2 DllSrv Service Controler;DllSrv Service Controler;c:\windows\system32\drivers\DllSrv.exe [2009-03-12 744960]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [1980-01-01 69120]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2008-07-31 1037608]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [2008-07-31 1205544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed37473d-0ed2-11de-b431-002215dbeaca}]
\Shell\AutoRun\command - i:\restore\k-1-3542-4232123213-7676767-8888886\AMGR.exe
\Shell\open\command - i:\restore\k-1-3542-4232123213-7676767-8888886\AMGR.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed37473e-0ed2-11de-b431-002215dbeaca}]
\Shell\AutoRun\command - i:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
\Shell\open\command - i:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187563}]
c:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atcomp.cz
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 17:01:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-03-12 17:01:32
ComboFix-quarantined-files.txt 2009-03-12 16:01:32
Před spuštěním: Volných bajtů: 229,048,057,856
Po spuštění: Volných bajtů: 229,623,627,776
156 --- E O F --- 2009-03-12 12:45:46
Re: please check, virus
It keeps throwing this message, but now, after a restart, I managed to get online. I hope not just for 5 minutes :-)
- jaro3
Re: please check, virus
I'd make short work of that fellow....
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
Folder::
C:\FOUND.000
File::
c:\windows\system32\drivers\DllSrv.exe
Driver::
DllSrv
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new HJT log
Then try to repair Safe Mode:
Download SafeBootKeyRepair
- just run it and, if needed, confirm the program's prompts.
Test these on Virustotal
c:\documents and settings\Učebna\c4m2m9o4vp9.exe
c:\documents and settings\Učebna\g6l5k37g5s7.exe
c:\documents and settings\Učebna\kz7r4h3l1z6h2.exe
i:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
Then paste the links to the results here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: please check, virus
ComboFix log:
ComboFix 09-03-10.03 - Učebna 2009-03-13 6:48:14.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2038.1665 [GMT 1:00]
Spuštěný z: c:\documents and settings\Učebna\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Učebna\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
c:\windows\system32\drivers\DllSrv.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\windows\system32\drivers\DllSrv.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-13 do 2009-03-13 )))))))))))))))))))))))))))))))
.
2009-03-12 12:25 . 2009-03-12 12:25 <DIR> d-------- c:\program files\Trend Micro
2009-03-12 11:27 . 2009-03-12 17:19 744,960 --a------ c:\documents and settings\Učebna\c4m2m9o4vp9.exe
2009-03-12 11:27 . 2009-03-12 17:19 744,960 --a------ c:\documents and settings\Učebna\c4m2m9o4vp9.exe
2009-03-12 11:23 . 2009-03-13 06:40 35,885 --a------ c:\documents and settings\Učebna\g6l5k37g5s7.exe
2009-03-12 11:23 . 2009-03-13 06:40 35,885 --a------ c:\documents and settings\Učebna\g6l5k37g5s7.exe
2009-03-12 11:22 . 2009-03-12 12:05 670,720 --a------ c:\documents and settings\Učebna\kz7r4h3l1z6h2.exe
2009-03-12 11:22 . 2009-03-12 12:05 670,720 --a------ c:\documents and settings\Učebna\kz7r4h3l1z6h2.exe
2009-03-12 11:21 . 2009-03-12 11:21 <DIR> dr-hs---- C:\RESTORE
2009-03-11 11:57 . 2009-03-11 12:14 69 --a------ c:\windows\NeroDigital.ini
2009-03-11 11:54 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-11 11:54 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2009-03-11 11:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-11 11:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2009-03-11 11:43 . 2009-03-11 11:43 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\SMART Technologies Inc
2009-03-11 11:43 . 2009-03-11 11:43 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\SMART Technologies
2009-03-11 11:43 . 2003-02-14 19:14 110,592 --a------ c:\windows\system32\tsccvid.dll
2009-03-11 11:42 . 2009-03-11 11:42 <DIR> d-------- c:\program files\SMART Technologies
2009-03-11 11:42 . 2009-03-11 11:42 <DIR> d-------- c:\program files\Common Files\SMART Technologies
2009-03-11 11:42 . 2009-03-11 11:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SMART Technologies
2009-03-11 11:33 . 2009-03-11 11:33 <DIR> d-------- c:\program files\Common Files\snpstd3
2009-03-11 11:32 . 2009-03-11 11:33 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\InstallShield
2009-03-11 11:24 . 2009-03-05 14:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\Nero
2009-03-11 11:24 . 2009-03-05 14:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\Nero
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d-------- c:\documents and settings\Učebna\Plocha
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d-------- c:\documents and settings\Učebna\Plocha
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní tiskárny
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní tiskárny
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní síť
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Okolní síť
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Oblíbené položky
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Oblíbené položky
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Šablony
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> d--h----- c:\documents and settings\Učebna\Šablony
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr------- c:\documents and settings\Učebna\Nabídka Start
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr------- c:\documents and settings\Učebna\Nabídka Start
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Dokumenty
2009-03-11 11:24 . 2009-03-11 11:25 <DIR> dr------- c:\documents and settings\Učebna\Dokumenty
2009-03-11 11:24 . 2009-03-05 14:46 <DIR> d-------- c:\documents and settings\Učebna\Data aplikací\Nero
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr-h----- c:\documents and settings\Učebna\Data aplikací
2009-03-11 11:24 . 2009-03-05 12:25 <DIR> dr-h----- c:\documents and settings\Učebna\Data aplikací
2009-03-11 11:24 . 2009-03-11 11:24 <DIR> d-------- c:\documents and settings\Učebna
2009-03-11 11:20 . 2009-03-11 11:20 8,192 --a------ c:\windows\REGLOCS.OLD
2009-03-05 14:56 . 2009-03-05 14:56 <DIR> d--hs---- C:\Recycled
2009-03-05 14:56 . 2009-03-05 14:56 333 --a------ c:\windows\system32\$ncsp$.inf
2009-03-05 14:56 . 2009-03-05 14:56 61 --a------ c:\windows\smscfg.ini
2009-03-05 14:53 . 2001-10-24 11:54 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-05 14:53 . 2001-10-24 11:54 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-03-05 14:53 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-05 14:53 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2009-03-05 14:48 . 2009-03-05 14:48 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-05 14:48 . 2009-03-05 14:48 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-05 14:46 . 2009-03-05 14:46 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Nero
2009-03-05 14:45 . 2009-03-05 14:45 <DIR> d-------- c:\program files\Nero
2009-03-05 14:45 . 2009-03-05 14:45 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-05 14:45 . 2009-03-05 14:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2009-03-05 14:41 . 2009-03-05 14:41 <DIR> d-------- c:\program files\Realtek
2009-03-05 14:41 . 2009-03-05 14:41 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-05 14:40 . 2009-03-05 14:40 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-05 14:40 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-03-05 13:26 . 2008-04-14 08:52 75,264 --a------ c:\windows\system32\usbui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 11:54 --------- d-----w c:\program files\Reference Assemblies
2009-03-05 11:54 --------- d-----w c:\program files\MSBuild
2009-03-05 11:46 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-03-05 11:46 --------- d-----w c:\documents and settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-03-05 11:43 --------- d-----w c:\program files\Microsoft Works
2009-03-05 11:42 --------- d-----w c:\program files\Microsoft.NET
2009-03-05 11:41 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-05 11:36 --------- d-----w c:\program files\microsoft frontpage
2009-03-05 11:36 --------- d-----w c:\program files\Digimax
2009-03-05 11:36 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 11:32 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-05 11:31 --------- d-----w c:\program files\Intel
2008-12-13 06:39 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-07-31 9618728]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [1980-01-01 69120]
S2 DllSrv Service Controler;DllSrv Service Controler;"c:\windows\system32\drivers\DllSrv.exe" --> c:\windows\system32\drivers\DllSrv.exe [?]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2008-07-31 1037608]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [2008-07-31 1205544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed37473d-0ed2-11de-b431-002215dbeaca}]
\Shell\AutoRun\command - i:\restore\k-1-3542-4232123213-7676767-8888886\AMGR.exe
\Shell\open\command - i:\restore\k-1-3542-4232123213-7676767-8888886\AMGR.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed37473e-0ed2-11de-b431-002215dbeaca}]
\Shell\AutoRun\command - i:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
\Shell\open\command - i:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187563}]
c:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atcomp.cz
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 06:48:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-03-13 6:49:17
ComboFix-quarantined-files.txt 2009-03-13 05:49:16
ComboFix2.txt 2009-03-12 16:01:34
Před spuštěním: Volných bajtů: 229 569 495 040
Po spuštění: Volných bajtů: 229,570,445,312
156 --- E O F --- 2009-03-12 12:45:46
Re: please check, virus
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:01, on 13.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atcomp.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.atcomp.cz
O23 - Service: DllSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DllSrv.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
--
End of file - 4689 bytes
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.atcomp.cz
O23 - Service: DllSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DllSrv.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
--
End of file - 4689 bytes
Re: please check, virus
Here is the log from SafeBoot. It didn't offer me anything else, so I don't know whether it's fixed :-(
Reg export of SafeBoot key after repair:
========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
========================
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC