Please check log, probably a trojan

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by Baron Prášil » 03 Jul 2007 12:27

sakiri wrote:
Otherwise, you still haven't answered the question.

sakiri wrote:
And where did NOD report those viruses?


We'll probably have to torture him!! :D

(sorry, I don't have time for the log)

Post by sakiri » 03 Jul 2007 12:34

Download Avenger and run it under an administrator account.

Tick the option "Input script manually" and click the magnifying-glass icon; an empty window will pop up. Copy the text marked in bold into it:
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\svcost.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Folders to delete:
C:\WINDOWS\AUTOLO~1


Then click Done.
After that, click the traffic-light icon.

A prompt will pop up; click Yes, then another prompt; click Yes again.
The PC will restart twice. After those 2 restarts the Avenger log should "pop up", so copy it here.

Then I'd ask you for these logs:
Download and run IceSword.
Click "Kernel Module" on the right, then click the "Log" button at the top, save the log, and then copy the entire contents of the saved log here.

Download SilentRunners. Unzip it into its own folder. Then run it; after about 1 minute a message will appear saying the log generation has finished (you must wait for that message). Then copy the entire contents of the log here.

+ of course a new log from Combofix.

Post by zao » 03 Jul 2007 16:42

Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bhewmmqy

*******************

Script file located at: \??\C:\asgpraba.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\svcost.exe not found!
Deletion of file C:\WINDOWS\system32\svcost.exe failed!

Could not process line:
C:\WINDOWS\system32\svcost.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\oreans32.sys deleted successfully.


Folder C:\WINDOWS\AUTOLO~1 not found!
Deletion of folder C:\WINDOWS\AUTOLO~1 failed!

Could not process line:
C:\WINDOWS\AUTOLO~1
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

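The script sakiri posted and the Avenger log zao posted above can be checked against each other mechanically. The following is an added example, not code from The Avenger or from anyone in this thread: it parses the script format (a section header ending in a colon followed by one item per line) and the result log, then reports for every requested item whether the log confirms the deletion, reports a failure with its NTSTATUS code, or never mentions the item at all (which is what happens here for the "oreans32" driver unload). The two sample inputs are copied from the posts above; the pattern for driver-unload result lines is an assumption, since only file and folder lines appear on the page.

```python
"""Triage an Avenger removal log against the script that produced it."""
import re

# NTSTATUS codes that Avenger prints after "Status:". Only the one seen on the
# page is mapped; 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Script as posted by sakiri (copied from the thread).
SCRIPT = r"""
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\svcost.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Folders to delete:
C:\WINDOWS\AUTOLO~1
"""

# Result log as posted by zao (copied from the thread, trimmed to the
# script-processing part).
LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\svcost.exe not found!
Deletion of file C:\WINDOWS\system32\svcost.exe failed!

Could not process line:
C:\WINDOWS\system32\svcost.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\oreans32.sys deleted successfully.

Folder C:\WINDOWS\AUTOLO~1 not found!
Deletion of folder C:\WINDOWS\AUTOLO~1 failed!

Could not process line:
C:\WINDOWS\AUTOLO~1
Status: 0xc0000034

Completed script processing.
"""

# "deleted successfully" is the file/folder form seen on the page; the
# "unloaded successfully" alternative for drivers is an assumption.
OK_RE = re.compile(r"^(File|Folder|Driver) (.+?) (deleted|unloaded) successfully\.$")
MISSING_RE = re.compile(r"^(File|Folder|Driver) (.+?) not found!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def parse_script(text):
    """Return {section: [item, ...]} in the order the script lists them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return {item: {"result": "ok"|"missing", "status": int|None}}.

    A "Status:" line is attached to the most recent item that failed.
    """
    results, last_failed = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            results[m.group(2)] = {"result": "ok", "status": None}
            last_failed = None
        elif m := MISSING_RE.match(line):
            last_failed = m.group(2)
            results[last_failed] = {"result": "missing", "status": None}
        elif (m := STATUS_RE.match(line)) and last_failed is not None:
            results[last_failed]["status"] = int(m.group(1), 16)
            last_failed = None
    return results


def triage(script_text, log_text):
    """List (section, item, outcome, status_name) for every item in the script.

    outcome is "ok", "missing", or "unreported" when the log never mentions
    the item; status_name is the NTSTATUS symbol (or hex) for failures.
    """
    log = parse_log(log_text)
    by_lower = {k.lower(): v for k, v in log.items()}  # paths are case-insensitive
    report = []
    for section, items in parse_script(script_text).items():
        for item in items:
            entry = by_lower.get(item.lower())
            if entry is None:
                report.append((section, item, "unreported", None))
                continue
            code = entry["status"]
            name = None if code is None else NTSTATUS_NAMES.get(code, hex(code))
            report.append((section, item, entry["result"], name))
    return report


if __name__ == "__main__":
    for section, item, outcome, status in triage(SCRIPT, LOG):
        print(f"{section:18} {outcome:10} {item}" + (f"  [{status}]" if status else ""))
```

Run as a script it prints one line per requested item; the point of the "unreported" outcome is that a silent item (here the driver unload) should be followed up on rather than assumed done.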
Post by zao » 03 Jul 2007 16:48

IceSword:

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ejobedel.sys
sfsync03.sys
VolSnap.sys
atapi.sys
nvata.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
speedfan.sys
sfhlp02.sys
sfdrv01a.sys
sfdrv01.sys
Mup.sys
giveio.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\Drivers\a5kqhfac.SYS
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\VMNetSrv.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\cmdmon.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\WINDOWS\system32\Drivers\vmm.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_nvata.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\amon.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv120.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\giveio.sys
C:\WINDOWS\system32\speedfan.sys

Post by zao » 03 Jul 2007 16:50

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"ICQ" = ""C:\Program Files\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
"OEXPRESS" = "(empty string)" [file not found]
"WEBTRAN" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"THGuard" = ""C:\Program Files\TrojanHunter 4.6\THGuard.exe"" ["Mischel Internet Security"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"amd_dc_opt" = "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" ["AMD"]
"COMODO Firewall Pro" = ""C:\Program Files\Comodo\Firewall\CPF.exe" /background" ["COMODO"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Podpora odkazu pro Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}\(Default) = (no title provided)
-> {HKLM...CLSID} = "WebTransBHO Class"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozšíření ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Panel nástrojů Microsoft pro síť Internet"
-> {HKLM...CLSID} = "Panel nástrojů Microsoft pro síť Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Stav stahování"
-> {HKLM...CLSID} = "Stav stahování"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Rozšířená složka prostředí"
-> {HKLM...CLSID} = "Rozšířená složka prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Search Band"
-> {HKLM...CLSID} = "Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Vyhledávat v podokně"
-> {HKLM...CLSID} = "Vyhledávat v podokně"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Hledání na webu"
-> {HKLM...CLSID} = "Hledání na webu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Nástroj možností registrového stromu"
-> {HKLM...CLSID} = "Nástroj možností registrového stromu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresa"
-> {HKLM...CLSID} = "&Adresa"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Textové pole adresy"
-> {HKLM...CLSID} = "Textové pole adresy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Automatické dokončování Microsoft"
-> {HKLM...CLSID} = "Automatické dokončování Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Automaticky dokončovaný seznam MRU"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Přístupný"
-> {HKLM...CLSID} = "Přístupný"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Automaticky dokončovaný seznam historie"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam historie"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
-> {HKLM...CLSID} = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Kontejner automatického dokončování více seznamů"
-> {HKLM...CLSID} = "Kontejner automatického dokončování více seznamů"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Nabídka serveru pruhu prostředí"
-> {HKLM...CLSID} = "Nabídka serveru pruhu prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Panel plochy aplikací prostředí"
-> {HKLM...CLSID} = "Panel plochy aplikací prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Panel plochy prostředí"
-> {HKLM...CLSID} = "Panel plochy prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Asistence uživatele"
-> {HKLM...CLSID} = "Asistence uživatele"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Globální nastavení složek"
-> {HKLM...CLSID} = "Globální nastavení složek"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
"{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook"
-> {HKCU...CLSID} = "VPCHostCopyHook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
<<!>> "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Proces mezipaměti kategorií součástí"
-> {HKLM...CLSID} = "Proces mezipaměti kategorií součástí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
-> {HKLM...CLSID} = "AIMP Classic Shell"
\InProcServer32\(Default) = "C:\PROGRA~1\AIMPCL~1\System\AIMP_S~1.DLL" ["Artem Izmaylov"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
-> {HKLM...CLSID} = "AIMP Classic Shell"
\InProcServer32\(Default) = "C:\PROGRA~1\AIMPCL~1\System\AIMP_S~1.DLL" ["Artem Izmaylov"]
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Pozadí plochy.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\AMD X2\Data aplikací\Mozilla\Firefox\Pozadí plochy.bmp"


Startup items in "AMD X2" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\AMD X2\Nabídka Start\Programy\Po spuštění
"HDDlife" -> shortcut to: "C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe" ["BinarySense, Inc."]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{BFC32E1D-EE75-4A48-BC60-104E11EE2431}" = "WebTranslator"
-> {HKLM...CLSID} = "WebTranslator"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}" = "Kwyshell MidpX"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informací"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Odeslat do aplikace OneNote"
"MenuText" = "Od&eslat do aplikace OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

{7E6A20FB-153F-402C-A84B-1A64E1955D3D}\
"ButtonText" = "WebTran"
"CLSIDExtension" = "{7E6A20FB-153F-402c-A84B-1A64E1955D3D}"
-> {HKLM...CLSID} = "ToolBarButton Class"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" [file not found]

{BFC32E1D-EE75-4A48-BC60-104E11EE2431}\

{CC963627-B1DC-40E0-B52A-CF21EE748449}\
"MenuText" = "&Nastavit překladač"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748449}"
-> {HKLM...CLSID} = "MenuItem3 Class"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]

{CC963627-B1DC-40E0-B52A-CF21EE748450}\
"MenuText" = "&Slovník"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748450}"
-> {HKLM...CLSID} = "MenuItem4 Class"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]

{CC963627-B1DC-40E0-B52A-CF21EE748451}\
"MenuText" = "Přeložit &označený text"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748451}"
-> {HKLM...CLSID} = "MenuItem2 Class"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]

{CC963627-B1DC-40E0-B52A-CF21EE748452}\
"MenuText" = "Přeložit &stránku"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748452}"
-> {HKLM...CLSID} = "MenuItem1 Class"
\InProcServer32\(Default) = "C:\WINDOWS\WebIE.dll" [null data]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*x" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Comodo Application Agent, CmdAgent, "C:\Program Files\Comodo\Firewall\cmdagent.exe" ["COMODO"]
HDDlife HDD Access service, HDDlife HDD Access service, ""C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe"" ["BinarySense, Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Spyware Terminator Realtime Shield Service, sp_rssrv, "C:\Program Files\Spyware Terminator\sp_rsser.exe" ["Crawler.com"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 36 seconds, including 5 seconds for message boxes)

Post by zao » 03 Jul 2007 16:54

ComboFix:


"AMD X2" - 2007-07-03 16:52:11 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\AMD X2\Plocha\Odźervĺovaźe\"


((((((((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 ))))))))))))))))))))))))))))))))))


2007-07-03 16:41 <DIR> d-------- C:\avenger
2007-07-03 11:43 <DIR> d-------- C:\WINDOWS\Performance
2007-07-03 11:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Microsoft Corporation
2007-07-03 11:29 <DIR> d-------- C:\Program Files\NovaTech Network
2007-07-03 11:24 <DIR> d-------- C:\Program Files\BinarySense
2007-07-03 11:24 <DIR> d-------- C:\DOCUME~1\AMDX2~1\DATAAP~1\BinarySense
2007-07-01 10:25 <DIR> d-------- C:\DOCUME~1\AMDX2~1\DATAAP~1\Comodo
2007-07-01 10:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Comodo
2007-07-01 10:23 <DIR> d-------- C:\Program Files\Comodo
2007-07-01 09:49 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-06-27 20:21 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2007-06-22 13:55 <DIR> d-------- C:\Program Files\SpeedFan
2007-06-18 17:06 <DIR> d-------- C:\Program Files\AIMP Classic
2007-06-12 19:42 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-06-10 20:04 <DIR> d-------- C:\Program Files\ICQ6
2007-06-10 18:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Yahoo! Companion
2007-06-10 18:36 <DIR> d-------- C:\Program Files\RegCleaner
2007-06-09 22:05 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-06-09 22:04 <DIR> d-------- C:\Program Files\Avi2Dvd
2007-06-09 21:34 <DIR> d-------- C:\Program Files\Free Windows Registry Cleaner
2007-06-09 21:34 <DIR> d-------- C:\Program Files\Error Repair Pro
2007-06-09 21:29 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-09 21:29 <DIR> d-------- C:\Program Files\CCleaner
2007-06-03 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\nView_Profiles
2007-06-03 16:53 <DIR> d-------- C:\DOCUME~1\AMDX2~1\DATAAP~1\Nokia Multimedia Player


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-07-03 14:53:17 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Skype
2007-07-03 09:47:00 -------- d-----w C:\Program Files\ICQToolbar
2007-07-03 09:24:18 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\BinarySense
2007-07-03 08:22:04 -------- d-----w C:\Program Files\Spyware Terminator
2007-07-02 08:03:13 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Nokia Multimedia Player
2007-07-01 08:25:12 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Comodo
2007-06-29 19:12:40 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Hamachi
2007-06-28 11:54:06 -------- d-----w C:\Program Files\Counter-Strike 1.6
2007-06-27 18:21:01 -------- d-----w C:\Program Files\AMD
2007-06-27 16:10:14 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Azureus
2007-06-26 17:01:35 -------- d-----w C:\Program Files\WinClamAVShield
2007-06-20 18:28:09 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Nokia
2007-06-15 11:29:08 63,864 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-06-15 11:29:08 384,224 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-06-10 18:05:27 -------- d-----w C:\Program Files\ICQLite
2007-06-10 18:05:05 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\ICQ
2007-06-09 19:10:38 -------- d-----w C:\Program Files\Codemasters
2007-06-02 20:58:59 -------- d-----w C:\Program Files\Common Files\Symbian
2007-06-02 20:58:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-02 20:58:58 -------- d-----w C:\Program Files\Symbian OS Tools
2007-06-01 18:46:25 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Datalayer
2007-06-01 18:44:51 -------- d-----w C:\Program Files\Nokia
2007-06-01 18:41:02 -------- d-----w C:\Program Files\DIFX
2007-06-01 18:40:46 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-06-01 18:40:46 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-01 18:40:33 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\PC Suite
2007-06-01 12:02:59 -------- d-----w C:\Program Files\Kwyshell
2007-05-29 12:32:17 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Help
2007-05-17 15:23:43 -------- d-----w C:\Program Files\URUSoft
2007-05-16 19:14:04 -------- d-----w C:\Program Files\Odigo
2007-05-12 20:31:12 -------- d-----w C:\Program Files\Kerio
2007-05-12 18:00:27 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Kerio
2007-05-10 10:10:39 -------- d-----w C:\Program Files\Skype
2007-05-10 10:10:38 -------- d-----w C:\Program Files\Common Files\Skype
2007-05-07 08:36:07 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-05-07 08:36:07 299,008 ----a-w C:\WINDOWS\TrnWord.dll
2007-05-07 08:36:06 352,256 ----a-w C:\WINDOWS\TrnOutl.dll
2007-05-07 08:35:56 189,952 ----a-w C:\WINDOWS\UN32.EXE
2007-05-07 08:06:09 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-05-07 08:06:09 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-05-07 08:06:09 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-05-07 07:27:57 -------- d-----w C:\Program Files\thriXXX
2007-05-06 19:26:07 -------- d-----w C:\Program Files\Azureus
2007-05-05 20:07:11 -------- d-----w C:\Program Files\Common Files\NSV
2007-05-04 12:10:31 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Ulead Systems
2007-05-04 12:02:15 -------- d-----w C:\Program Files\SmartSound Software
2007-05-04 12:01:35 -------- d-----w C:\Program Files\Windows Media Components
2007-05-04 12:00:49 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-03 10:17:29 -------- d-----w C:\DOCUME~1\AMDX2~1\DATAAP~1.\Ahead
2007-05-02 15:44:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 11:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 11:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 11:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 11:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 11:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 11:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 11:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 11:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 11:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 11:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 11:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 11:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{055FD26D-3A88-4e15-963D-DC8493744B1D}"="C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
"{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}"="C:\WINDOWS\WebIE.dll"
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"="C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL"
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}"="C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"amd_dc_opt"="C:\\Program Files\\AMD\\Dual-Core Optimizer\\amd_dc_opt.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ICQ"="\"C:\\Program Files\\ICQ6\\ICQ.exe\" silent"
"OEXPRESS"=""
"WEBTRAN"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0
bthsvcs BthServ\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ISDRV120


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 16:54:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\AMD X2\Dokumenty\ICQ\295578141\ReceivedFiles\293196136 Ondra.....\registrace.txt 88 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


********************************************************************

Completion time: 2007-07-03 16:54:16
C:\ComboFix-quarantined-files.txt ... 2007-07-03 16:54
C:\ComboFix2.txt ... 2007-07-03 11:41
C:\ComboFix3.txt ... 2007-05-08 18:21
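
As an added illustration (not part of the thread, and not code from ComboFix or from any poster here): a Python triage pass over Run-key lines in the "Reg Loading Points" format of the log above. It does mechanically what a reviewer of such a log does by eye: it undoes the .reg-style escaping, picks out the program each value actually launches (for rundll32 the DLL it loads), and flags values with no drive-letter path (resolved through the search path at logon), targets under a Temp folder, and file names one edit away from a core Windows binary, which is how the svcost.exe and svdhost.exe names in this thread stand out. The sample input is constructed: its first lines are copied from the log, while the "Updater" value pointing at a svdhost.exe in the user's Temp folder is an assumption made for this example and was not in the posted log.

```python
import re
from collections import namedtuple

# Windows XP core binaries that malware imitates with one-letter changes
# (this thread has "svcost.exe" and "svdhost.exe" mimicking svchost.exe).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe", "spoolsv.exe"}

Entry = namedtuple("Entry", "hive name command target flags")

_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"([^"]*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in ComboFix's .reg-style "Reg Loading Points" format.
# The entries except "Updater" are copied from the log in this thread; the
# "Updater" value is made up for this example (assumed, not present in the
# posted log) to show a hit for a Temp-folder lookalike of svchost.exe.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OEXPRESS"=""
"Updater"="C:\\DOCUME~1\\AMDX2~1\\LOCALS~1\\Temp\\svdhost.exe"
'''


def unescape_reg(s):
    """Undo .reg-style escaping used in the dump: '\\\\' -> '\\' and '\\"' -> '"'."""
    return re.sub(r'\\(.)', r'\1', s)


def levenshtein(a, b):
    """Plain edit distance; used to spot one-letter imitations of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_token(command):
    """The program part of a Run command: the quoted path, or the first word."""
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def program_of(command):
    """What the value really starts; rundll32 is only a host, so return its DLL."""
    command = command.strip()
    exe = first_token(command)
    if exe.lower().rsplit("\\", 1)[-1] != "rundll32.exe":
        return exe
    tail = command[len(exe) + (2 if command.startswith('"') else 0):].strip()
    return tail.split(",", 1)[0].strip().strip('"')


def classify(target):
    """Return the review flags for one launch target (empty list = nothing odd)."""
    if not target:
        return ["empty"]
    low = target.lower()
    base = low.rsplit("\\", 1)[-1]
    flags = []
    if not re.match(r"^[a-z]:\\", low):
        flags.append("unqualified")       # bare name: resolved via search path at logon
    if re.search(r"\\temp\\|\\locals~1\\|\\local settings\\", low):
        flags.append("temp-location")     # autostart from a scratch folder
    if base not in SYSTEM_NAMES and any(levenshtein(base, s) <= 1 for s in SYSTEM_NAMES):
        flags.append("system-lookalike")  # e.g. svdhost.exe vs svchost.exe
    return flags


def triage(dump):
    """Parse a Reg Loading Points dump into Entry records with flags."""
    entries, hive = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = _VALUE_RE.match(line)
        if not m or hive is None:
            continue
        name, command = m.group(1), unescape_reg(m.group(2))
        target = program_of(command)
        entries.append(Entry(hive, name, command, target, tuple(classify(target))))
    return entries


def suspicious(entries):
    """Entries worth submitting to a scanner: Temp-folder or lookalike targets."""
    return [e for e in entries if {"temp-location", "system-lookalike"} & set(e.flags)]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name:30} {e.target:45} {', '.join(e.flags) or '-'}")
```

"unqualified" is deliberately kept as a low-severity flag rather than hidden: nwiz.exe and SOUNDMAN.EXE are normal vendor entries, but a bare name in a Run value is still resolved by search order, which is why a reviewer wants to see it even when it turns out to be benign.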

Post by zao » 03 Jul 2007 16:57

NOD32 found a virus on my machine in C:/DOCUME~1/AMD~LOCALS~1/TEMP/svdhost.exe

Post by sakiri » 04 Jul 2007 21:12

So the SilentRunners log is clean. And the ComboFix log is clean too.

Have these files checked on VirusTotal:
%SystemRoot%\System32\Drivers\a5kqhfac.SYS
ejobedel.sys - you will have to find this file yourself.

To make it easier to find, turn on "Show hidden and system files",
and paste the results here.

Also clean the system with CCleaner.

