
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
My PC is slowed down
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Please help me, my notebook is not working as it should.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ja at 2010-05-05 16:49:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (24%) free of 86 GB
Total RAM: 1014 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:48, on 5.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Anton - Krkos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Anton - Krkos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Anton - Krkos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Anton - Krkos\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Anton - Krkos.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: everyflv - {731b27c2-b765-3637-12c8-14738668792a} - C:\WINDOWS\system32\5-K8CAgA3b.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchosts.exe] C:\Documents and Settings\Anton - Krkos\Application Data\Microsoft\svchosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 8378 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{731b27c2-b765-3637-12c8-14738668792a}]
everyflv - C:\WINDOWS\system32\5-K8CAgA3b.dll [2010-04-27 1138688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-14 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-22 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-22 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-22 118784]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder"=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28 528384]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"svchosts.exe"=C:\Documents and Settings\Anton - Krkos\Application Data\Microsoft\svchosts.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-22 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22fb5613-ec99-11dd-ae17-001a7307f39b}]
shell\AutoRun\command - G:\c2e.exe
shell\open\command - G:\c2e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{366a5777-21fc-11df-bc95-001a7307f39b}]
shell\AutoRun\command - G:\pccompanion\Startme.exe
shell\menu1\command - G:\pccompanion\Startme.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36a11c28-2c3b-11df-bcb0-001a7307f39b}]
shell\AutoRun\command - H:\idg2.exe
shell\open\command - H:\idg2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bf8276-ea0f-11de-bbb5-001636c9d262}]
shell\AutoRun\command - G:\c2e.exe
shell\open\command - G:\c2e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5580488e-d1d3-11de-8ec0-001a7307f39b}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d417b68-d39c-11de-8eb9-001a7307f39b}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d417b6a-d39c-11de-8eb9-001a7307f39b}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc8b62fc-ec03-11de-bbc7-001636c9d262}]
shell\AutoRun\command - G:\Toshiba\more4you.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41e83a2-33c2-11df-ad8c-001a7307f39b}]
shell\AutoRun\command - G:\9g86.exe
shell\open\command - G:\9g86.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f42fc2b8-ee00-11de-bbdb-001636c9d262}]
shell\AutoRun\command - G:\c2e.exe
shell\open\command - G:\c2e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f96e8ec1-2616-11df-bc9c-001a7307f39b}]
shell\AutoRun\command - G:\svchosts.exe
======File associations======
.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 3 months======
2010-05-05 16:49:57 ----D---- C:\rsit
2010-05-05 16:49:57 ----D---- C:\Program Files\trend micro
2010-05-02 13:59:54 ----A---- C:\WINDOWS\system32\-bCiaB-Z-tj8-P.exe
2010-05-01 04:08:10 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\ESET
2010-05-01 03:56:34 ----A---- C:\WINDOWS\system32\LuResult.txt
2010-04-27 04:10:28 ----A---- C:\WINDOWS\system32\5-K8CAgA3b.dll
2010-04-16 14:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-16 14:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-16 14:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 23:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 23:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 19:40:49 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-04-14 19:40:49 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-04-14 19:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-03 22:45:43 ----D---- C:\Program Files\DVDVIDEOSOFT
2010-04-03 13:10:50 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-03 11:09:13 ----D---- C:\Program Files\ESET
2010-04-03 11:09:13 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-04-02 10:24:16 ----SHD---- C:\WINDOWS\ftpcache
2010-03-25 19:17:18 ----D---- C:\Program Files\The KMPlayer
2010-03-20 22:48:44 ----D---- C:\Program Files\Play
2010-03-14 13:19:23 ----D---- C:\WINDOWS\Sun
2010-03-14 13:19:14 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-14 13:18:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-14 13:18:47 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-14 13:18:47 ----A---- C:\WINDOWS\system32\java.exe
2010-03-14 13:18:47 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-14 13:17:15 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\Sun
2010-03-11 16:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 10:35:45 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-03-06 19:55:54 ----D---- C:\Program Files\TeamViewer
2010-03-05 13:03:33 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-04 12:08:30 ----D---- C:\Program Files\directx
2010-03-04 12:08:16 ----D---- C:\WINDOWS\AM
2010-03-04 12:07:46 ----D---- C:\Program Files\Pepa Chytrouš
2010-02-28 13:42:33 ----D---- C:\Program Files\Smart GIF Creator
2010-02-28 13:36:57 ----D---- C:\Program Files\Common Files\Xuisoft
2010-02-25 01:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-21 18:37:20 ----D---- C:\Program Files\Free YouTube Downloader Converter
2010-02-18 20:54:15 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\PolyView
2010-02-13 12:52:55 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\progeSOFT
2010-02-13 12:49:24 ----A---- C:\WINDOWS\system32\cdintf251.dll
2010-02-13 12:46:41 ----A---- C:\WINDOWS\system32\vbar332.dll
2010-02-13 10:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-11 21:30:36 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-02-11 21:30:36 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-02-11 21:30:36 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-02-11 21:30:35 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-02-11 21:30:35 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-02-11 21:30:35 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-02-11 21:30:35 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-02-11 21:30:34 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-02-11 21:30:34 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-02-11 21:30:34 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-02-11 21:30:34 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-02-11 21:30:32 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-02-11 21:30:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-02-11 21:30:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-02-11 21:30:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-02-11 21:30:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-02-11 21:30:24 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-02-11 21:30:24 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-02-11 21:30:23 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-02-11 21:30:23 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-02-11 21:30:22 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-02-11 21:30:18 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-02-11 21:30:03 ----A---- C:\WINDOWS\system32\vb40032.dll
2010-02-11 21:25:44 ----D---- C:\Program Files\Common Files\Thraex Software
2010-02-11 14:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 14:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 14:52:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 14:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 14:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 14:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 14:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 14:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-07 21:12:28 ----D---- C:\Program Files\ICQ7.0
======List of files/folders modified in the last 3 months======
2010-05-05 16:49:57 ----RD---- C:\Program Files
2010-05-05 16:49:53 ----D---- C:\WINDOWS\Prefetch
2010-05-05 15:06:26 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2010-05-05 15:06:18 ----D---- C:\WINDOWS
2010-05-05 15:06:08 ----D---- C:\WINDOWS\Temp
2010-05-05 15:06:08 ----D---- C:\WINDOWS\Registration
2010-05-04 20:16:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-02 13:59:54 ----D---- C:\WINDOWS\system32
2010-05-02 02:08:33 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\Skype
2010-05-01 04:01:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-01 04:01:37 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-30 20:05:25 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-30 19:11:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-30 16:49:58 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\skypePM
2010-04-30 09:12:47 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\ICQ
2010-04-25 12:41:54 ----SHD---- C:\WINDOWS\Installer
2010-04-25 12:41:27 ----SHD---- C:\Config.Msi
2010-04-25 12:41:26 ----HD---- C:\WINDOWS\inf
2010-04-25 12:41:00 ----D---- C:\WINDOWS\system32\drivers
2010-04-24 19:12:07 ----D---- C:\WINDOWS\CREATOR
2010-04-16 14:55:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-16 14:55:46 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 08:41:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 13:13:14 ----D---- C:\WINDOWS\system32\config
2010-04-02 11:58:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 09:56:20 ----A---- C:\WINDOWS\CD-Start.INI
2010-03-20 22:53:33 ----D---- C:\WINDOWS\system32\DirectX
2010-03-16 18:24:30 ----D---- C:\Program Files\YouTube Video Downloader
2010-03-16 18:19:59 ----D---- C:\Program Files\DVDFab 5
2010-03-16 18:19:57 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\Vso
2010-03-16 18:19:56 ----A---- C:\Documents and Settings\Anton - Krkos\Application Data\inst.exe
2010-03-14 13:19:13 ----D---- C:\Program Files\Common Files\Java
2010-03-14 13:18:29 ----D---- C:\Program Files\Java
2010-03-11 16:36:16 ----D---- C:\Program Files\Movie Maker
2010-03-09 21:24:27 ----SD---- C:\Documents and Settings\Anton - Krkos\Application Data\Microsoft
2010-03-09 13:09:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2010-03-06 20:59:15 ----D---- C:\WINDOWS\ehome
2010-03-06 15:38:36 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-06 15:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2010-03-01 19:45:37 ----A---- C:\WINDOWS\system.ini
2010-03-01 19:44:51 ----RSD---- C:\WINDOWS\Fonts
2010-03-01 17:57:42 ----A---- C:\WINDOWS\win.ini
2010-02-28 13:36:57 ----D---- C:\Program Files\Common Files
2010-02-26 11:36:21 ----D---- C:\Program Files\Sony Ericsson
2010-02-26 11:36:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2010-02-26 10:12:29 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-25 20:00:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-22 04:35:16 ----D---- C:\WINDOWS\system32\Restore
2010-02-21 01:14:00 ----D---- C:\Program Files\ABC Transdict
2010-02-21 01:08:33 ----D---- C:\Program Files\Bonjour
2010-02-21 01:05:49 ----SD---- C:\WINDOWS\Tasks
2010-02-21 00:59:52 ----D---- C:\Program Files\EA SPORTS
2010-02-21 00:55:29 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-02-21 00:55:29 ----D---- C:\Program Files\Autodesk
2010-02-21 00:55:29 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\Autodesk
2010-02-14 17:26:17 ----D---- C:\WINDOWS\WinSxS
2010-02-14 17:26:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-12 06:33:11 ----A---- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 21:30:28 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-11 19:20:48 ----D---- C:\Documents and Settings\Anton - Krkos\Application Data\Adobe
2010-02-07 23:39:26 ----D---- C:\Program Files\ICQ6Toolbar
2010-02-07 21:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-04-11 163328]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-26 100992]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-28 1709696]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-29 47360]
S3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
S3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
S3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 47744]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-04-07 32256]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-14 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2009-06-22 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2009-06-22 117248]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT; C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 7520337]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-11-21 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT; C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 311872]
-----------------EOF-----------------
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 47744]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-04-07 32256]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-14 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2009-06-22 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2009-06-22 117248]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT; C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 7520337]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-11-21 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT; C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 311872]
-----------------EOF-----------------
Re: My PC is slow
Hello, how about using some basic protection such as an antivirus?
Fix this in HJT:
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: everyflv - {731b27c2-b765-3637-12c8-14738668792a} - C:\WINDOWS\system32\5-K8CAgA3b.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [svchosts.exe] C:\Documents and Settings\Anton - Krkos\Application Data\Microsoft\svchosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
You will find HJT here:
C:\Program Files\trend micro\Anton - Krkos.exe
Fix means that you start HJT,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to each of them is a box that you tick,
then you click Fix checked, which is at the bottom left,
the program asks whether you really want to; you of course agree with YES, and it is done.
Finally, use Mbam from my signature.
Re: My PC is slow
Thank you so much, and I hope it's OK now :) Once again, thank you very much.
Re: My PC is slow
Oh, but I closed it; can it be found somewhere?? It found 7 infiltrations; I put them in quarantine and deleted them.
Re: My PC is slow
If you deleted it, then it no longer matters; it would be good to read the instructions as well.
Now we will use a bigger caliber, and that one does not tolerate mistakes.
Download ComboFix and save it to the desktop,
run the application under an account with administrator rights and allow the installation of the Recovery Console.
A window with the license terms then appears, which you confirm by clicking YES,
then click YES once more and it is running.
The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Notice: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
Re: My PC is slow
I found it
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4069
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6.5.2010 19:42:59
mbam-log-2010-05-06 (19-42-59).txt
Typ skenu: Rychlý sken
Skenované objekty: 138719
Uplynulý čas: 1 hodina(y), 9 minuta(y), 54 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://flvdirect.iamwired.net/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Documents and Settings\Anton - Krkos\My Documents\downloads\FLVDirect.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
Re: My PC is slow
I hope I did it correctly
ComboFix 10-05-07.07 - Anton - Krkos 08.05.2010 19:24:06.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1014.650 [GMT 2:00]
Running from: C:\Documents and Settings\Anton - Krkos\My Documents\Downloads\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Anton - Krkos\Application Data\ezpinst.exe
C:\Documents and Settings\Anton - Krkos\Application Data\inst.exe
D:\0fpdq2dw.exe
D:\df.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.
2010-05-05 16:02:29 . 2010-05-05 16:02:29 -------- d-----w- C:\Documents and Settings\Anton - Krkos\Application Data\Malwarebytes
2010-05-05 16:02:21 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-05-05 16:02:20 . 2010-05-05 16:02:24 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-05 16:02:20 . 2010-05-05 16:02:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-05 16:02:20 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-05-05 14:49:57 . 2010-05-06 18:17:13 -------- d-----w- C:\Program Files\trend micro
2010-05-05 14:49:57 . 2010-05-05 14:54:56 -------- d-----w- C:\rsit
2010-05-02 11:59:54 . 2010-05-02 11:59:54 111747 ----a-w- C:\WINDOWS\system32\-bCiaB-Z-tj8-P.exe
2010-05-01 02:08:10 . 2010-05-01 02:08:10 -------- d-----w- C:\Documents and Settings\Anton - Krkos\Application Data\ESET
2010-04-14 17:40:49 . 2009-12-08 19:26:15 2145280 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-04-14 17:40:49 . 2009-12-08 18:43:51 2023936 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 08:48:35 . 2010-03-04 10:07:46 -------- d-----w- C:\Program Files\Pepa Chytrouš
2010-05-02 00:08:33 . 2009-12-11 15:04:07 -------- d-----w- C:\Documents and Settings\Anton - Krkos\Application Data\Skype
2010-05-01 02:01:38 . 2007-11-02 01:37:12 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-05-01 02:01:37 . 2007-11-02 01:37:03 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-30 14:49:58 . 2009-12-04 21:07:08 -------- d-----w- C:\Documents and Settings\Anton - Krkos\Application Data\skypePM
2010-04-30 07:12:47 . 2010-01-05 12:58:26 -------- d-----w- C:\Documents and Settings\Anton - Krkos\Application Data\ICQ
2010-04-25 12:21:33 . 2010-03-25 17:17:18 -------- d-----w- C:\Program Files\The KMPlayer
2010-04-03 20:45:43 . 2010-04-03 20:45:43 -------- d-----w- C:\Program Files\DVDVIDEOSOFT
2010-04-02 08:14:20 . 2010-02-07 19:12:28 -------- d-----w- C:\Program Files\ICQ7.0
2010-03-20 20:48:44 . 2010-03-20 20:48:44 -------- d-----w- C:\Program Files\Play
2010-03-16 16:24:30 . 2009-12-05 11:37:53 -------- d-----w- C:\Program Files\YouTube Video Downloader
2010-03-16 16:21:03 . 2010-03-06 17:55:54 -------- d-----w- C:\Program Files\TeamViewer
2010-03-16 16:20:10 . 2010-02-21 16:37:20 -------- d-----w- C:\Program Files\Free YouTube Downloader Converter
2010-03-16 16:19:59 . 2008-12-29 10:19:39 -------- d-----w- C:\Program Files\DVDFab 5
2010-03-16 16:19:57 . 2009-07-31 04:46:41 -------- d-----w- C:\Documents and Settings\Anton - Krkos\Application Data\Vso
2010-03-16 16:19:56 . 2009-07-31 04:46:42 47360 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\pcouffin.sys
2010-03-16 16:19:56 . 2009-07-31 04:46:42 47360 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\pcouffin.sys
2010-03-14 11:19:13 . 2007-11-02 01:37:11 -------- d-----w- C:\Program Files\Common Files\Java
2010-03-14 11:19:04 . 2010-03-14 11:19:04 503808 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6876d3e5-n\msvcp71.dll
2010-03-14 11:19:04 . 2010-03-14 11:19:04 348160 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6876d3e5-n\msvcr71.dll
2010-03-14 11:19:04 . 2010-03-14 11:19:03 499712 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6876d3e5-n\jmc.dll
2010-03-14 11:19:01 . 2010-03-14 11:19:01 61440 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3667b3b8-n\decora-sse.dll
2010-03-14 11:19:01 . 2010-03-14 11:19:01 12800 ----a-w- C:\Documents and Settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3667b3b8-n\decora-d3d.dll
2010-03-14 11:18:32 . 2010-03-14 11:18:47 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2010-03-14 11:18:29 . 2007-11-02 01:37:21 -------- d-----w- C:\Program Files\Java
2010-03-14 10:07:15 . 2010-02-28 11:42:33 -------- d-----w- C:\Program Files\Smart GIF Creator
2010-03-13 13:07:12 . 2010-04-03 09:09:13 -------- d-----w- C:\Program Files\ESET
2010-03-10 10:10:56 . 2010-02-28 11:44:13 1032 ----a-w- C:\b.dat
2010-03-10 10:10:56 . 2010-02-28 11:44:13 1032 ----a-w- C:\a.dat
2010-03-09 11:09:18 . 2006-03-16 04:00:00 430080 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-28 13:44:35 . 2008-11-05 18:46:01 48564 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2010-02-24 13:11:07 . 2005-01-19 12:26:52 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-12 10:03:03 . 2010-03-05 11:03:33 293376 ------w- C:\WINDOWS\system32\browserchoice.exe
2010-02-12 04:33:11 . 2006-03-16 04:00:00 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:02:15 . 2006-03-16 04:00:00 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:56:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 20:58:26 458752]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 10:43:18 248040]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 20:17:04 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 20:13:40 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 20:17:50 118784]
"MsmqIntCert"="mqrt.dll" [2009-06-25 18:36:08 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 15:02:50 61952]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 05:22:46 794713]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 09:33:12 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 08:50:40 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 08:23:50 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 07:52:14 643072]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05:02 81920]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ7.0\\ICQ.exe"=
"C:\\Program Files\\ICQ7.0\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [21.11.2009 13:59:18 155136]
R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [21.11.2009 13:59:18 5248]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-OEXPRESS - (no file)
AddRemove-{993960EE-CA4D-443F-8F88-E24260DD5FD2} - C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-OEXPRESS - (no file)
AddRemove-{993960EE-CA4D-443F-8F88-E24260DD5FD2} - C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe
Re: My PC is slow
If you have not done so already, move ComboFix to the desktop,
open Notepad
and copy the script from the following box into it:
Code:
File::
C:\WINDOWS\system32\-bCiaB-Z-tj8-P.exe
Save the TXT file you created as CFScript.txt on the desktop.
After saving, grab the script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop up; copy it here.
Warning: it may happen that after the script is applied and the PC restarts, Windows will not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: My PC is slow
ComboFix 10-05-08.02 - Anton - Krkos 09.05.2010 11:13:23.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1014.490 [GMT 2:00]
Running from: c:\documents and settings\Anton - Krkos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anton - Krkos\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.
2010-05-05 16:02 . 2010-05-05 16:02 -------- d-----w- c:\documents and settings\Anton - Krkos\Application Data\Malwarebytes
2010-05-05 16:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 16:02 . 2010-05-05 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 16:02 . 2010-05-05 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 16:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 14:49 . 2010-05-06 18:17 -------- d-----w- c:\program files\trend micro
2010-05-05 14:49 . 2010-05-05 14:54 -------- d-----w- C:\rsit
2010-05-02 11:59 . 2010-05-02 11:59 111747 ----a-w- c:\windows\system32\-bCiaB-Z-tj8-P.exe
2010-05-01 02:08 . 2010-05-01 02:08 -------- d-----w- c:\documents and settings\Anton - Krkos\Application Data\ESET
2010-04-14 17:40 . 2009-12-08 19:26 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 17:40 . 2009-12-08 18:43 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 08:48 . 2010-03-04 10:07 -------- d-----w- c:\program files\Pepa Chytrouš
2010-05-02 00:08 . 2009-12-11 15:04 -------- d-----w- c:\documents and settings\Anton - Krkos\Application Data\Skype
2010-05-01 02:01 . 2007-11-02 01:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-01 02:01 . 2007-11-02 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-30 14:49 . 2009-12-04 21:07 -------- d-----w- c:\documents and settings\Anton - Krkos\Application Data\skypePM
2010-04-30 07:12 . 2010-01-05 12:58 -------- d-----w- c:\documents and settings\Anton - Krkos\Application Data\ICQ
2010-04-25 12:21 . 2010-03-25 17:17 -------- d-----w- c:\program files\The KMPlayer
2010-04-03 20:45 . 2010-04-03 20:45 -------- d-----w- c:\program files\DVDVIDEOSOFT
2010-04-02 08:14 . 2010-02-07 19:12 -------- d-----w- c:\program files\ICQ7.0
2010-03-20 20:48 . 2010-03-20 20:48 -------- d-----w- c:\program files\Play
2010-03-16 16:24 . 2009-12-05 11:37 -------- d-----w- c:\program files\YouTube Video Downloader
2010-03-16 16:21 . 2010-03-06 17:55 -------- d-----w- c:\program files\TeamViewer
2010-03-16 16:20 . 2010-02-21 16:37 -------- d-----w- c:\program files\Free YouTube Downloader Converter
2010-03-16 16:19 . 2008-12-29 10:19 -------- d-----w- c:\program files\DVDFab 5
2010-03-16 16:19 . 2009-07-31 04:46 -------- d-----w- c:\documents and settings\Anton - Krkos\Application Data\Vso
2010-03-16 16:19 . 2009-07-31 04:46 47360 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\pcouffin.sys
2010-03-16 16:19 . 2009-07-31 04:46 47360 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\pcouffin.sys
2010-03-14 11:19 . 2007-11-02 01:37 -------- d-----w- c:\program files\Common Files\Java
2010-03-14 11:19 . 2010-03-14 11:19 503808 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6876d3e5-n\msvcp71.dll
2010-03-14 11:19 . 2010-03-14 11:19 348160 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6876d3e5-n\msvcr71.dll
2010-03-14 11:19 . 2010-03-14 11:19 499712 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6876d3e5-n\jmc.dll
2010-03-14 11:19 . 2010-03-14 11:19 61440 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3667b3b8-n\decora-sse.dll
2010-03-14 11:19 . 2010-03-14 11:19 12800 ----a-w- c:\documents and settings\Anton - Krkos\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3667b3b8-n\decora-d3d.dll
2010-03-14 11:18 . 2010-03-14 11:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-14 11:18 . 2007-11-02 01:37 -------- d-----w- c:\program files\Java
2010-03-14 10:07 . 2010-02-28 11:42 -------- d-----w- c:\program files\Smart GIF Creator
2010-03-13 13:07 . 2010-04-03 09:09 -------- d-----w- c:\program files\ESET
2010-03-10 10:10 . 2010-02-28 11:44 1032 ----a-w- C:\b.dat
2010-03-10 10:10 . 2010-02-28 11:44 1032 ----a-w- C:\a.dat
2010-03-09 11:09 . 2006-03-16 04:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 13:44 . 2008-11-05 18:46 48564 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 13:11 . 2005-01-19 12:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 10:03 . 2010-03-05 11:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2006-03-16 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-03-16 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-08_17.32.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 08:35 . 2010-05-09 08:35 16384 c:\windows\Temp\Perflib_Perfdata_1ac.dat
+ 2010-05-09 08:35 . 2010-05-09 08:35 16384 c:\windows\Temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21.11.2009 13:59 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21.11.2009 13:59 5248]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 11:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???`L??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(716)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-09 11:25:14
ComboFix-quarantined-files.txt 2010-05-09 09:25
ComboFix2.txt 2010-05-09 09:07
Pre-Run: 22 570 274 816 bytes free
Post-Run: 22 553 243 648 bytes free
- - End Of File - - 19D6BA77709992C376B1CDC1278112C0
Re: My PC is slow
Hm, let's try it differently then.
Via Start >> Run, copy into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Find on the disk:
c:\windows\system32\-bCiaB-Z-tj8-P.exe
and delete it; if that does not work, use Unlocker following THIS guide.
Then let me know what state the PC is in.
Re: My PC is slow
I found the file and deleted it without any problems. The computer is faster and finally does not freeze like that.
Thank you for the help.


Re: My PC is slow
But I have run into one problem that I cannot deal with; it already happened a few times in the past and now again. Out of nowhere a blue screen came up and it said:
*** Hardware Malfunction
Call your hardware vendor for support
*** The system has halted ***
Do you know what that means???
Re: My PC is slow
Download and install Debugging Tools for Windows.
Via Start >> All Programs, find the program named WinDbg in the Debugging Tools for Windows folder and run it.
If you use Windows Vista and have UAC turned on, run WinDbg as administrator (you will be accessing the Windows directory).
The first thing you will need to set is the symbol path. Click File -> Symbol File Path and set http://msdl.microsoft.com/download/symbols there.
Now you can start analyzing the BSOD.
Click File -> Open Crash Dump and find the folder C:\Windows\Minidump.
The Minidump folder contains files named Minixxxxxx-xx.dmp (xxxxxx-xx is the date and a sequence number).
If the folder is empty, you have not had a BSOD yet or you have deleted it.
Once you open the file, the symbols start loading, and after a moment you can enter commands on the command line, where you just type !analyze -v
or click the command with the mouse.
The most important parameters you may be interested in are:
PROCESS_NAME (the name of the process that caused the error),
IMAGE_NAME
MODULE_NAME
(copy these three values here for me and I will look at what can be done about it)
It looks roughly like THIS
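The three values requested in the post above can be pulled out of saved `!analyze -v` output and compared across several minidumps. The Python below is an added example, not part of the original thread. It assumes the debugger output was saved to a text log with one `Loading Dump File [...]` line per dump; the sample log and the driver names in it are constructed.

```python
import re
from collections import Counter

# The three fields the helper asks the user to copy from "!analyze -v".
FIELDS = ("PROCESS_NAME", "IMAGE_NAME", "MODULE_NAME")

# Assumption: each dump's output starts with WinDbg's "Loading Dump File [path]" line.
DUMP_HEADER = re.compile(r"^Loading Dump File \[(?P<path>[^\]]+)\]", re.MULTILINE)
FIELD_LINE = re.compile(
    r"^(?P<key>%s):[ \t]*(?P<value>\S.*?)[ \t]*$" % "|".join(FIELDS),
    re.MULTILINE,
)

# Constructed sample: three analyses saved into one log; the second has no PROCESS_NAME.
SAMPLE_LOG = r"""
Loading Dump File [C:\Windows\Minidump\Mini050910-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

PROCESS_NAME:  System
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys

Loading Dump File [C:\Windows\Minidump\Mini051010-01.dmp]
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys

Loading Dump File [C:\Windows\Minidump\Mini051110-01.dmp]
PROCESS_NAME:  Idle
MODULE_NAME: otherdrv
IMAGE_NAME:  otherdrv.sys
"""


def split_dumps(log_text):
    """Yield (dump_path, section_text) for every dump found in the log."""
    headers = list(DUMP_HEADER.finditer(log_text))
    if not headers:
        # A single analysis pasted without its header line.
        yield ("<unknown>", log_text)
        return
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        yield (header.group("path"), log_text[header.end():end])


def extract_fields(section):
    """Return the three fields for one dump; a missing field stays None."""
    found = {key: None for key in FIELDS}
    for match in FIELD_LINE.finditer(section):
        if found[match.group("key")] is None:  # keep the first occurrence
            found[match.group("key")] = match.group("value")
    return found


def triage(log_text):
    """Build one row per dump: its path plus the three fields."""
    log_text = log_text.replace("\r\n", "\n")  # logs saved on Windows use CRLF
    rows = []
    for path, section in split_dumps(log_text):
        row = {"dump": path}
        row.update(extract_fields(section))
        rows.append(row)
    return rows


def repeat_offenders(rows, field="IMAGE_NAME"):
    """Names that show up in more than one dump, most frequent first."""
    counts = Counter(row[field] for row in rows if row[field])
    return [(name, n) for name, n in counts.most_common() if n > 1]


if __name__ == "__main__":
    table = triage(SAMPLE_LOG)
    for row in table:
        print(row)
    print("Seen in more than one dump:", repeat_offenders(table))
```

A name that recurs across dumps is the first thing to check against the installed driver list; a dump with no `PROCESS_NAME` is kept in the table with `None` rather than dropped.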