sakiri wrote:
Download SDFix and run it; it will extract itself into its own folder (probably C:\SDfix).
Then restart the PC into Safe Mode. Open the folder where SDFix was extracted, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key, and the computer will restart.
While the operating system is booting, you will have to press any key when prompted in order to enter Windows.
Once the OS has started, it should show you the SDFix report, so copy it here; if it doesn't come up, it is located in SDFix's own folder as Report.txt (don't forget to copy its contents here).
HijackThis log check - slowed-down computer (Solved)
- Baron Prášil
So try this.
-
So here I'm sending the log... I did everything exactly. It seems to me that after running this tool on my PC it sped up quite a lot... but launching the browser is still slow... but always only the first one... the others then work fine...
SDFix: Version 1.88
Run by Admin on po 02.07.2007 at 02:29
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\SYSTEM32\SYS_DLL.DLL - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\WINDOWS\system32\bcae_s.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcirt.dll
C:\WINDOWS\system32\msvcp50.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt20.dll
C:\WINDOWS\system32\msvcrt40.dll
C:\Generic.exe
C:\WINDOWS\system32\cleaner12.exe
C:\WINDOWS\system32\RO82EC.tmp.LOG
C:\WINDOWS\system32\RO82EF.tmp.LOG
C:\WINDOWS\system32\RO82F4.tmp.LOG
C:\WINDOWS\system32\RO82F7.tmp.LOG
C:\WINDOWS\system32\RO82FC.tmp.LOG
C:\WINDOWS\system32\RO82FF.tmp.LOG
C:\WINDOWS\system32\RO8304.tmp.LOG
C:\WINDOWS\system32\RO8307.tmp.LOG
C:\WINDOWS\system32\RO830C.tmp.LOG
C:\WINDOWS\system32\RO830F.tmp.LOG
C:\WINDOWS\system32\RO8314.tmp.LOG
C:\WINDOWS\system32\RO8317.tmp.LOG
C:\WINDOWS\system32\ROA283.tmp.LOG
C:\WINDOWS\system32\ROA288.tmp.LOG
C:\WINDOWS\system32\ROA28B.tmp.LOG
C:\WINDOWS\system32\ROA290.tmp.LOG
C:\WINDOWS\system32\ROA293.tmp.LOG
C:\WINDOWS\system32\ROA298.tmp.LOG
C:\WINDOWS\system32\ROA29B.tmp.LOG
C:\WINDOWS\system32\ROA2A0.tmp.LOG
C:\WINDOWS\system32\ROA2A3.tmp.LOG
C:\WINDOWS\system32\ROA2A8.tmp.LOG
C:\WINDOWS\system32\ROA2AB.tmp.LOG
C:\WINDOWS\system32\ROA2B0.tmp.LOG
C:\WINDOWS\system32\ROB45C.tmp.LOG
C:\WINDOWS\system32\ROB45F.tmp.LOG
C:\WINDOWS\system32\ROB464.tmp.LOG
C:\WINDOWS\system32\ROB467.tmp.LOG
C:\WINDOWS\system32\ROB46C.tmp.LOG
C:\WINDOWS\system32\ROB46F.tmp.LOG
C:\WINDOWS\system32\ROB474.tmp.LOG
C:\WINDOWS\system32\ROB477.tmp.LOG
C:\WINDOWS\system32\ROB47C.tmp.LOG
C:\WINDOWS\system32\ROB47F.tmp.LOG
C:\WINDOWS\system32\ROB484.tmp.LOG
C:\WINDOWS\system32\ROB487.tmp.LOG
C:\WINDOWS\system32\ROC8D0.tmp.LOG
C:\WINDOWS\system32\ROC8D3.tmp.LOG
C:\WINDOWS\system32\ROC8D8.tmp.LOG
C:\WINDOWS\system32\ROC8DB.tmp.LOG
C:\WINDOWS\system32\ROC8E0.tmp.LOG
C:\WINDOWS\system32\ROC8E3.tmp.LOG
C:\WINDOWS\system32\ROC8E8.tmp.LOG
C:\WINDOWS\system32\ROC8EB.tmp.LOG
C:\WINDOWS\system32\ROC8F0.tmp.LOG
C:\WINDOWS\system32\ROC8F3.tmp.LOG
C:\WINDOWS\system32\ROC8F8.tmp.LOG
C:\WINDOWS\system32\ROC8FB.tmp.LOG
C:\WINDOWS\system32\ROFA73.tmp.LOG
C:\WINDOWS\system32\ROFA78.tmp.LOG
C:\WINDOWS\system32\ROFA7B.tmp.LOG
C:\WINDOWS\system32\ROFA80.tmp.LOG
C:\WINDOWS\system32\ROFA83.tmp.LOG
C:\WINDOWS\system32\ROFA88.tmp.LOG
C:\WINDOWS\system32\ROFA8B.tmp.LOG
C:\WINDOWS\system32\ROFA90.tmp.LOG
C:\WINDOWS\system32\ROFA93.tmp.LOG
C:\WINDOWS\system32\ROFA98.tmp.LOG
C:\WINDOWS\system32\ROFA9B.tmp.LOG
C:\WINDOWS\system32\ROFAA0.tmp.LOG
C:\WINDOWS\system32\wybeg.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
Listing User Accounts:
Admin Administrator Guest
HelpAssistant SUPPORT_388945a0
Příkaz byl úspěšně dokončen.
Finished
- Baron Prášil
I still don't like this one:
C:\WINDOWS\system32\bcae_s.dll
Have it checked here as well:
http://virusscan.jotti.org/ and
http://scanner.virus.org/
and delete this:
C:\WINDOWS\system32\wybeg.tmp
-
As for IceSword:
Click on Process on the right, then click the Log button at the top, save it, and then copy the whole content of the saved log here.
Then make logs the same way from Kernel Module and from StartUp.
If you still can't create those logs, do this:
Download SREng.
Extract the archive into its own folder.
Run the program and choose Smart Scan; leave the options that are already checked as they are, additionally check Verify the digital signature of process modules, and click Scan.
When the scan finishes, click Save Reports and save the log. Then copy its contents here.
Find that file there and delete it.
-
IceSword is working for me now, so I'll send the logs from it in about an hour... but a log can't be made for SSDT, and I have red items there. I'm sending the log from SREng. And I can't find the file C:\WINDOWS\system32\wybeg.tmp... please advise.
2007-07-02,20:41:44
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [Nero AG]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<LXBXCATS><rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><vistaui.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<WebCheck><%system%\webcheck.dll> [N/A]
<SysTray><C:\WINDOWS\system32\stobject.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Vlastní nastavení prohlížeče><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Aktualizace plochy systému Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
==================================
Startup Folders
N/A
==================================
Services
[Comodo Application Agent / CmdAgent][Running/Auto Start]
<C:\Program Files\Comodo\Firewall\cmdagent.exe><COMODO>
[FVJMK / FVJMK][Stopped/Manual Start]
<C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\FVJMK.exe><N/A>
[IZJEDYPNYZJSXADU / IZJEDYPNYZJSXADU][Stopped/Manual Start]
<C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\IZJEDYPNYZJSXADU.exe><N/A>
[lxbx_device / lxbx_device][Stopped/Manual Start]
<C:\WINDOWS\system32\lxbxcoms.exe -service><Lexmark International, Inc.>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag][Running/Auto Start]
<C:\WINDOWS\system32\oodag.exe><O&O Software GmbH>
[OpenVPN Service / OpenVPNService][Stopped/Manual Start]
<C:\Program Files\OpenVPN\bin\openvpnserv.exe><N/A>
[PC Tools Spyware Doctor / SDhelper][Stopped/Disabled]
<><N/A>
[SF FrontLine Drivers Auto Removal (v1) / sfrem01][Stopped/Auto Start]
<C:\WINDOWS\system32\sfrem01.exe svc><Protection Technology (StarForce)>
[SecuROM User Access Service (V7) / UserAccess7][Running/Auto Start]
<C:\WINDOWS\system32\UAService7.exe><Sony DADC Austria AG.>
==================================
Drivers
[AMON / AMON][Running/Auto Start]
<\SystemRoot\system32\drivers\amon.sys><Eset>
[AVG Anti-Rootkit / AVG Anti-Rootkit][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\avgarkt.sys><GRISOFT, s.r.o.>
[Avg Anti-Rootkit Clean Driver / AvgArCln][Running/System Start]
<System32\DRIVERS\AvgArCln.sys><GRISOFT, s.r.o.>
[Card Reader Filter / CardReaderFilter][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS><ICSI Technology Ltd.>
[Comodo Application Engine / CmdMon][Running/System Start]
<System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[ENTECH / ENTECH][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FlyPCI / FlyPCI][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\FlyPCI.sys><N/A>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><GMER>
[Hamachi Network Interface / hamachi][Running/Manual Start]
<system32\DRIVERS\hamachi.sys><LogMeIn, Inc.>
[Hardlock / Hardlock][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Comodo Network Engine / Inspect][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[Sony Ericsson 750 driver (WDM) / k750bus][Stopped/Manual Start]
<system32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Stopped/Manual Start]
<system32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Stopped/Manual Start]
<system32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Stopped/Manual Start]
<system32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex][Stopped/Manual Start]
<system32\DRIVERS\k750obex.sys><MCCI>
[TV Card Capture Driver / LVCap138][Running/Manual Start]
<system32\DRIVERS\lvcap138.sys><Philips>
[TV Card WDM TV Tuner / lvtuner][Running/Manual Start]
<system32\DRIVERS\lvtuner.sys><Philips>
[MEMSWEEP2 / MEMSWEEP2][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\507.tmp><N/A>
[nod32drv / nod32drv][Running/System Start]
<\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Boot Tasks Driver / SAVRKBootTasks][Running/System Start]
<\??\C:\WINDOWS\system32\SAVRKBootTasks.sys><Sophos Plc>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Cure Driver (version 1.x) / sfcure01][Stopped/Manual Start]
<System32\drivers\sfcure01.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
[StarCam Clip / SNPSTD3][Stopped/Manual Start]
<system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
[sojubus / sojubus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sojubus.sys><>
[sojuscsi / sojuscsi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sojuscsi.sys><>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TAP-Win32 Adapter / TAP][Running/Manual Start]
<system32\DRIVERS\tapdrvr.sys><The OpenVPN Project>
[TAP-Win32 Adapter V8 / tap0801][Stopped/Manual Start]
<system32\DRIVERS\tap0801.sys><The OpenVPN Project>
[Ovladač protokolu TCP/IP / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[Dálnopisný kodek světového standardu / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
Browser Add-ons
[XTTBPos00 Class]
{055FD26D-3A88-4e15-963D-DC8493744B1D} <C:\Program Files\ICQToolbar\toolbaru.dll, IE Toolbar>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[GetRight IE Download Helper]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} <C:\Program Files\GetRight\xx2gr.dll, Headlight Software, Inc.>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MegauploadToolbar\MEGAUP~1.DLL, MEGAUPLOAD>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[&Zdroje informací]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[ICQ Lite]
{B863453A-26C3-4e1f-A54D-A2CD196348E9} <C:\Program Files\ICQLite\ICQLite.exe, ICQ Ltd.>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <, N/A>
[]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[ICQ6]
{E59EB121-F339-4851-A3BA-FE49C35617C2} <C:\Program Files\ICQ6\ICQ.exe, ICQ, Inc.>
[ICQ Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} <C:\Program Files\ICQToolbar\toolbaru.dll, IE Toolbar>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MegauploadToolbar\MEGAUP~1.DLL, MEGAUPLOAD>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[PhotoUploader Control]
{5F509E42-537E-482B-B66C-145BC170054C} <C:\WINDOWS\DOWNLO~1\FotoStarPhotoUploader.dll, >
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[XTTBPos00 Class]
{055FD26D-3A88-4E15-963D-DC8493744B1D} <C:\Program Files\ICQToolbar\toolbaru.dll, IE Toolbar>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\MSHTML.DLL, N/A>
[GetRight IE Download Helper]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} <C:\Program Files\GetRight\xx2gr.dll, Headlight Software, Inc.>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MegauploadToolbar\MEGAUP~1.DLL, MEGAUPLOAD>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[PhotoUploader Control]
{5F509E42-537E-482B-B66C-145BC170054C} <C:\WINDOWS\DOWNLO~1\FotoStarPhotoUploader.dll, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[ICQ Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} <C:\Program Files\ICQToolbar\toolbaru.dll, IE Toolbar>
[Webový prohlížeč společnosti Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[Windows Live Safety Center Control Module]
{8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[&Download All by FlashGet]
<8ED06-7D47-4AFC-AB38-6053ECDC0AD8}, N/A>
[&Download using FlashGet]
<, N/A>
[Download with GetRight Pro]
<C:\Program Files\GetRight\GRdownload.htm, N/A>
[E&xportovat do aplikace Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[Open with GetRight Pro Browser]
<C:\Program Files\GetRight\GRbrowse.htm, N/A>
==================================
Running Processes
[PID: 752][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\BROWSEUI.dll] [Společnost Microsoft, 6.00.2900.3086 (xpsp_sp2_gdr.070218-2314)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NETSHELL.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\stobject.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\GetRight\xx2gr.dll] [Headlight Software, Inc., 6.1a]
[C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8]
[C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\mydocs.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[PID: 648][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 4, 0, 2]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0]
[PID: 1632][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 5,10,1, 8600]
[C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 0, 18]
[PID: 2080][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 0, 18]
[C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 0, 18]
[PID: 3076][C:\Documents and Settings\Admin.HOME\Plocha\Udržba počitače\NESPOUSTEJ !!!\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /s]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [NOTEPAD.EXE %1]
.JS Error. [NOTEPAD.EXE %1]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
-
- Level 1.5
- Posts: 131
- Registered: May 07
- Gender:
- Status:
Offline
Here I'm sending the process log from IceSword
Process:
System Idle Process
System
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\Admin.HOME\Plocha\Udržba počitače\NESPOUSTEJ !!!\ice sword\IceSword.exe
and here is the one from Kernel Module
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SPTDDRV1.SYS
ACPI.sys
pci.sys
isapnp.sys
avgarkt.sys
sojubus.sys
viaide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
sfsync02.sys
VolSnap.sys
viamraid.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
sojuscsi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
viaagp1.sys
sfvfs02.sys
sfhlp02.sys
sfhlp01.sys
sfdrv01.sys
prosync1.sys
prohlp02.sys
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\lvcap138.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\irsir.sys
\SystemRoot\system32\DRIVERS\irenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\gameenum.sys
\SystemRoot\system32\drivers\msmpu401.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\cmuda.sys
\SystemRoot\system32\DRIVERS\fetnd5b.sys
\SystemRoot\System32\Drivers\aepztcdw.SYS
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasirda.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\tapdrvr.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\lvtuner.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DRIVERS\AvgArCln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\cmdmon.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\SAVRKBootTasks.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\drivers\prodrv06.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\amon.sys
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\IsDrv120.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\DRIVERS\atapi.sys
and the one from Startup
Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nod32kui
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LXBXCATS
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
desktop.ini
C:\Documents and Settings\Admin.HOME\Nabídka Start\Programy\Po spuštění
desktop.ini
Please advise what to do about C:\WINDOWS\system32\wybeg.tmp
I can't find it.
I had these checked at http://virusscan.jotti.org/ and http://scanner.virus.org/: C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\FVJMK.exe
C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\IZJEDYPNYZJSXADU.exe
and they tell me that the file has 0 bytes and that it does not exist.
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DRIVERS\AvgArCln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\cmdmon.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\SAVRKBootTasks.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\drivers\prodrv06.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\amon.sys
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\IsDrv120.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\DRIVERS\atapi.sys
and from Startup
Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nod32kui
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LXBXCATS
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
desktop.ini
C:\Documents and Settings\Admin.HOME\Nabídka Start\Programy\Po spuštění
desktop.ini
please advise what to do with C:\WINDOWS\system32\wybeg.tmp
I can't find it
I had these checked at http://virusscan.jotti.org/ and http://scanner.virus.org/: C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\FVJMK.exe
C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\IZJEDYPNYZJSXADU.exe
and they tell me that the file is 0 bytes and that it does not exist
This time download OTMoveIt and run it.
Copy this bold text into the left column:
C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\FVJMK.exe
C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\IZJEDYPNYZJSXADU.exe
C:\WINDOWS\system32\wybeg.tmp
Once you have copied it, click MoveIt!
A restart of the PC may be necessary. If the program asks for it, confirm the restart.
Then copy the log from the _OTMoveIt folder here.
Have this one checked at VirusTotal:
%SystemRoot%\System32\Drivers\aepztcdw.SYS
And copy the results here.
Otherwise I agree with Baron Prášil, I don't like this library either:
C:\WINDOWS\system32\bcae_s.dll
-
- Level 1.5
- Posts: 131
- Registered: May 07
- Gender:
- Status:
Offline
so ..... here is the log from MoveIt
File/Folder C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\FVJMK.exe not found.
File/Folder C:\DOCUME~1\ADMIN~1.HOM\LOCALS~1\Temp\IZJEDYPNYZJSXADU.exe not found.
C:\WINDOWS\system32\wybeg.tmp moved successfully.
Created on 07.03.2007 09:54:27
I had %SystemRoot%\System32\Drivers\aepztcdw.SYS checked at http://www.virustotal.com/en/indexf.html
and it said 0 bytes size received / Se ha recibido un archivo vacio
and so what should I do with C:\WINDOWS\system32\bcae_s.dll?