
Cannot log in - RSIT
Moderator: Moderators
Forum rules
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
- Exemplary visitor
- Posts: 130
- Registered: 29 Sep 2007 14:29
- Location: Ústecký kraj
Re: Cannot log in - RSIT
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
There is no mention of the script here. Did you perhaps run it once more on its own? Or did you delete a line from the log?
How does the computer look now?
Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe
- save it to the desktop and run it.
- copy the following into the box:
Code:
:filefind
grpconv.exe
- click Look; a scan will run and a log will be displayed at the end; copy its contents here
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Cannot log in - RSIT
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:48 on 27/02/2010 by Administrator (Administrator - Elevation successful)
========== filefind ==========
Searching for "grpconv.exe"
C:\grpconv.exe ------ 39424 bytes [08:29 27/02/2010] [11:04 21/08/2009] 00D0959D8792A594D2F4B4B61718583C
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\grpconv.exe --a--- 39424 bytes [08:10 10/04/2009] [01:12 14/04/2008] 6DD28A6D99CF7B14B2D1786D143624E0
C:\WINDOWS\system32\grpconv.exe --a--- 39424 bytes [21:55 26/02/2010] [11:04 21/08/2009] 00D0959D8792A594D2F4B4B61718583C
-=End Of File=-
Re: Cannot log in - RSIT
Fine, how does the computer look now?

Re: Cannot log in - RSIT
Still the same
Every time, I log in, the icons load (sometimes not even that), it holds for a few minutes and then, without any message, it simply switches off (without the Windows XP shutdown screen) and starts booting again, and so it goes round and round

Re: Cannot log in - RSIT

- a red window will appear and the program will start working.
- when the scan finishes, Notepad will pop up with result.txt - copy its contents here
- if it does not pop up, you will find it here: c:\result.txt

- unpack it and run it
- a scan will run; when it finishes, a window with the results will open; click Save to save the log, which you then paste here
- Following the instructions in the link, run a second scan and paste that log here as well.
Re: Cannot log in - RSIT

REGLOOKS logfile - version 0.985
Scan started: so 27.02.2010 17:24:36,31
--- INFORMATION ---
Manufacturer: Acer - Model: Aspire 3100
Operating System: Systém Microsoft Windows XP Professional -- 5.1.2600 -- Service Pack 2 --
Processor: Mobile AMD Sempron(tm) Processor 3400+
Work Station
Bootmode: Fail-safe boot
Total RAM: 446 MB (free 261 MB - 58%)
Computername: ACER-0CD67B2DBF
Domain: WORKGROUP
User: Administrator (Administrator account)
Bootdevice: \Device\HarddiskVolume2
Systemdrive: C:
Windowsdirectory: C:\WINDOWS
Systemdirectory: C:\WINDOWS\system32
Internet Explorer Version: 6.0.2900.2180
Antivirus Program: AntiVir Desktop 9.0.1.32 [Not Enabled - Updated]
Firewall: Avira Firewall 9.0.1.32 [Not Enabled]
--- SIGCHECK ---
C:\WINDOWS\explorer.exe -- [1032192] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\appmgmts.dll -- [167936] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\browser.dll -- [77312] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\comres.dll -- [792064] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\comctl32.dll -- [611328] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\cryptsvc.dll -- [60416] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\es.dll -- [253952] -- [07.07.2008 22:32] -- sigcheck OK
C:\WINDOWS\system32\eventlog.dll -- [55808] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\ias.dll NOT found
C:\WINDOWS\system32\imm32.dll -- [110080] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\kernel32.dll -- [986112] -- [21.03.2009 16:18] -- sigcheck OK
C:\WINDOWS\system32\linkinfo.dll -- [18944] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\lpk.dll -- [22016] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- [13312] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\mfc40u.dll -- [924432] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\msgsvc.dll -- [33792] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\mshtml.dll -- [3071488] -- [22.12.2009 06:35] -- sigcheck OK
C:\WINDOWS\system32\mspmsnsv.dll -- [25088] -- [03.08.2005 18:29] -- sigcheck OK
C:\WINDOWS\system32\mswsock.dll -- [245248] -- [20.06.2008 19:41] -- sigcheck OK
C:\WINDOWS\system32\netlogon.dll -- [407040] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\netman.dll -- [198144] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- [2015744] -- [04.08.2009 14:13] -- sigcheck OK
C:\WINDOWS\system32\ntmssvc.dll -- [435200] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- [2136064] -- [04.08.2009 14:58] -- sigcheck OK
C:\WINDOWS\system32\pchsvc.dll NOT found
C:\WINDOWS\system32\powrprof.dll -- [17408] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\qmgr.dll -- [382464] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\rasauto.dll -- [89088] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\regsvc.dll -- [59904] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\rpcss.dll -- [399360] -- [09.02.2009 12:20] -- sigcheck OK
C:\WINDOWS\system32\scecli.dll -- [180224] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\schedsvc.dll -- [190976] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\services.exe -- [110592] -- [06.02.2009 19:14] -- sigcheck OK
C:\WINDOWS\system32\sfc.dll -- [5120] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- [1580544] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- [57856] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\srsvc.dll -- [170496] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- [14336] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\tapisrv.dll -- [246272] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- [295424] -- [10.03.2005 09:49] -- sigcheck OK
C:\WINDOWS\system32\upnphost.dll -- [185344] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- [577024] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- [24576] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- [668672] -- [22.12.2009 06:35] -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- [502272] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- [82944] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\wscntfy.exe -- [13824] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- [53472] -- [06.08.2009 19:24] -- sigcheck OK
C:\WINDOWS\system32\xmlprov.dll -- [129536] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\acpiec.sys -- [11648] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\aec.sys -- [142464] -- [03.08.2004 22:39] -- sigcheck OK
C:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\atapi.sys -- [95360] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\classpnp.sys -- [49664] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\iaStor.sys NOT found
C:\WINDOWS\system32\drivers\ip6fw.sys -- [29056] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\kbdclass.sys -- [24576] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- [182912] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\ntfs.sys -- [574592] -- [10.08.2004 20:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- [360320] -- [20.06.2008 12:45] -- sigcheck OK
--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?]
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [24576] -- [10.08.2004 20:00]
--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1032192] -- [10.08.2004 20:00]
--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found
--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
-- File: C:\WINDOWS\system32\Ati2evxx.dll -- [86016] -- [18.07.2006 07:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [597504] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [63488] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [101888] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [20992] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [92672] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [10.08.2004 20:00]
--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found
--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" -- File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -- [2212224] -- [24.08.2007 07:01]
--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng" -- File: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" -- [?]
"ePower_DMC" -- File C:\Acer\Empowering Technology\ePower\ePower_DMC.exe -- [421888] -- [30.05.2006 12:11]
"avgnt" -- File: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min -- [?]
"MacrokeyManager" -- File: WTMKM.exe -- [?]
"ConMet" -- File C:\Program Files\ConMet\ConMet.exe -- [3804672] -- [12.01.2010 19:31]
"KernelFaultCheck" -- File: %systemroot%\system32\dumprep 0 -k -- [?]
--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found
--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found
--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found
--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found
--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [10.08.2004 20:00]
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [10.08.2004 20:00]
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKU\S-1-5-20\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKLM\Explorer\Run regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
-- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [439872] -- [06.09.2006 10:09]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
-- File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll -- [62080] -- [22.10.2006 23:08]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
-- File: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll -- [?]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
-- File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -- [2212224] -- [24.08.2007 07:01]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
-- File: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [408448] -- [22.01.2009 15:41]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
-- File: C:\Program Files\Get Styles\enlbrdr.dll -- [185856] -- [11.02.2010 08:58]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
-- File: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll -- [668656] -- [06.08.2009 22:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
-- File: C:\Program Files\Java\jre6\bin\jp2ssv.dll -- [35840] -- [17.03.2009 07:25]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
-- File: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [73728] -- [17.03.2009 07:25]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} -- File: C:\WINDOWS\system32\eDStoolbar.dll -- [106496] -- [08.03.2006 22:44]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [439872] -- [06.09.2006 10:09]
{855F3B16-6D32-4fe6-8A56-BBB695989046} -- File: C:\Program Files\ICQ6Toolbar\ICQToolBar.dll -- [958200] -- [09.12.2008 11:23]
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: %SystemRoot%\system32\shdocvw.dll -- [?]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [388608] -- [10.08.2004 20:00]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [10.08.2004 20:00]
File: C:\WINDOWS\system32\schannel.dll -- [168448] -- [25.06.2009 10:44]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [10.08.2004 20:00]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [10.08.2004 20:00]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
-- File: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
-- File: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5E65E94D-69F2-4850-9E93-6459C53A0F50}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: %SystemRoot%\system32\ie4uinit.exe -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: %SystemRoot%\system32\ie4uinit.exe -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]
-- filepath not found
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ActivHidSerMini]
-- File: system32\DRIVERS\activhidsermini.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirFirewallService]
-- File: "C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe" -- [388865] -- [11.05.2009 10:38]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirMailService]
-- File: "C:\Program Files\Avira\AntiVir Desktop\avmailc.exe" -- [194817] -- [11.05.2009 10:31]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirWebService]
-- File: "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" -- [434945] -- [12.05.2009 14:46]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apache2]
-- File: "C:\dev\prog\Apache2\bin\Apache.exe" -k runservice -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AR5211]
-- File: system32\DRIVERS\ar5211.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atierecord]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avfwim]
-- File: system32\DRIVERS\avfwim.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avfwot]
-- File: system32\DRIVERS\avfwot.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BlueletAudio]
-- File: system32\DRIVERS\blueletaudio.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BlueletSCOAudio]
-- File: system32\DRIVERS\BlueletSCOAudio.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BlueSoleilCS]
-- File: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- [835072] -- [01.11.2008 09:56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BsHelpCS]
-- File: C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- [98407] -- [01.11.2008 09:30]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BsMobileCS]
-- File: C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- [143467] -- [01.11.2008 09:29]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BT]
-- File: system32\DRIVERS\btnetdrv.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTDriver]
-- File: system32\DRIVERS\btport.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BtHidBus]
-- File: System32\Drivers\BtHidBus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHidEnum]
-- File: System32\Drivers\vbtenum.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHidMgr]
-- File: System32\Drivers\BTHidMgr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cam5603D]
-- File: System32\Drivers\BisonCam.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CesarFTP]
-- File: C:\Program Files\CesarFTP\server.exe -S -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLEDX]
-- File: system32\DRIVERS\cledx.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpuz130]
-- File: \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DritekPortIO]
-- File: \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eLock2BurnerLockDriver]
-- File: \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eLock2FSCTLDriver]
-- File: \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EMSCR]
-- File: system32\DRIVERS\EMS7SK.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENTECH]
-- File: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESDCR]
-- File: system32\DRIVERS\ESD7SK.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESMCR]
-- File: system32\DRIVERS\ESM7SK.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICQ Service]
-- File: C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- [222456] -- [19.10.2008 14:30]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN]
-- File: C:\WINDOWS\system32\inetsrv\inetinfo.exe -- [15872] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irsir]
-- File: system32\DRIVERS\irsir.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IvtBtBUs]
-- File: System32\Drivers\IvtBtBus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
-- File: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr]
-- File: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MerakCalendar]
-- File: C:\Program Files\Merak\cal.exe -- [1990656] -- [28.01.2010 14:44]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MerakControl]
-- File: C:\Program Files\Merak\control.exe -- [2165248] -- [28.01.2010 14:44]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MerakIM]
-- File: C:\Program Files\Merak\im.exe -- [1677824] -- [28.01.2010 14:45]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MerakSMTP]
-- File: C:\Program Files\Merak\smtp.exe -- [1651200] -- [28.01.2010 14:45]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS]
-- File: "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySQL5]
-- File: "C:\dev\prog\mysql50\bin\mysqld-nt" --defaults-file="C:\dev\prog\mysql50\my.ini" MySQL5 -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [132096] -- [29.07.2008 19:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PEEK5]
-- File: \??\C:\DOCUME~1\Acer\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prmvmouse]
-- File: system32\DRIVERS\activmouse.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\psdfilter]
-- File: \??\C:\WINDOWS\system32\Drivers\psdfilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSI_SVC_2]
-- File: "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" -- [185632] -- [24.07.2007 11:15]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPMainService]
-- File: C:\Program Files\Enterprise Mail Server\SMTPListener.exe -- [1190400] -- [17.01.2010 13:50]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC]
-- File: C:\WINDOWS\system32\inetsrv\inetinfo.exe -- [15872] -- [10.08.2004 20:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SQLWriter]
-- File: "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" -- [87904] -- [24.11.2008 22:31]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tvicport]
-- File: \??\C:\WINDOWS\system32\drivers\tvicport.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UBHelper]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347b]
-- File: system32\DRIVERS\vax347b.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347s]
-- File: System32\Drivers\vax347s.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VComm]
-- File: system32\DRIVERS\VComm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VcommMgr]
-- File: System32\Drivers\VcommMgr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmm]
-- File: \??\C:\WINDOWS\system32\Drivers\vmm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VPCNetS2]
-- File: system32\DRIVERS\VMNetSrv.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WTService]
-- File: C:\WINDOWS\system32\atwtusb.exe -s -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zntport]
-- File: \??\C:\WINDOWS\system32\drivers\zntport.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{3CF1288A-D784-45C0-B587-42CB8DDC5CB0}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{672A0B83-AAF4-4C8E-8516-4F262E9B2116}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9E92AC49-DE22-4E39-9995-D0143CACA992}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{B285A4CC-4257-46FF-8032-DC3C2FD634E5}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C777C756-D118-4BE2-843E-10C983D9D8B7}]
-- filepath not found
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
PEVSystemStart
procexp90.Sys
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
PEVSystemStart
procexp90.Sys
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0Schedule
0MHN
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: ("C:\Program Files\PSPad editor\PSPad.exe" "%1")
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini -- [84] -- [28.08.2006 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [28.08.2006 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk -- [679] -- [27.01.2010 15:08]
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\Google Software Updater.job -- [960] -- [27.02.2010 14:13]
C:\WINDOWS\tasks\Norton Security Scan for Acer.job -- [472] -- [23.02.2010 16:26]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [20.02.2010 11:48]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -- [936] -- [27.02.2010 14:13]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -- [940] -- [27.02.2010 13:58]
Scan completed: so 27.02.2010 17:25:48,67
FINISHED

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-27 17:47:07
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kxldrpob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 18:00:55
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kxldrpob.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830303F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83018FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830301DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830306F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830311A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82C3F549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C5F6B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 94233C9D 28 Bytes [C4, 0D, 44, 96, 6C, DA, 11, ...]
.text peauth.sys 94233CC1 28 Bytes [C4, 0D, 44, 96, 6C, DA, 11, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 8443B000 85 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4FE6 8443B056 61 Bytes [84, 5E, C3, 8B, FF, 55, 8B, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5024 8443B094 519 Bytes [84, FF, 25, 80, 11, 43, 84, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 522C 8443B29C 74 Bytes [01, 00, 51, 51, 8B, CC, 6A, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5681 8443B6F1 71 Bytes [6A, 0C, 68, 58, 54, 43, 84, ...]
PAGE ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7468245E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746655EF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746656AD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746824D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7467853B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74674CEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74675096] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7467516B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74676698] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74678292] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746787E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74679044] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7467E1E7] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1260] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74674C21] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Re: Cannot log in - RSIT

http://jpshortstuff.247fixes.com/SystemLook.exe
- save it to the desktop and run it.
- copy the following into the box:
:filefind
0MHN
0WmdmPmSN
:regfind
0MHN
0WmdmPmSN
:service
0MHN
0WmdmPmSN

http://rootrepeal.googlepages.com/RootRepeal.zip
- Download, unzip and run it
- select the Drivers tab, then Files, and click Scan,
- the scan will run; afterwards click Save Report, which saves the log, whose contents you copy here

- [enter]
agree - the PC will restart and the disk will be checked
Re: Cannot log in - RSIT
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:35 on 27/02/2010 by Administrator (Administrator - Elevation successful)
========== filefind ==========
Searching for "0MHN"
No files found.
Searching for "0WmdmPmSN"
No files found.
========== regfind ==========
Searching for "0MHN"
No data found.
Searching for "0WmdmPmSN"
No data found.
========== service ==========
0MHN - Unable to open Service Handle.
0WmdmPmSN - Unable to open Service Handle.
-=End Of File=-
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/27 19:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\Ba
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Administrator\Recent\systemlook (2).lnk
Status: Visible to the Windows API, but not on disk.
Path: c:\documents and settings\administrator\local settings\temporary internet files\content.mso\mso1.tmp
Status: Allocation size mismatch (API: 1081344, Raw: 65536)
Path: c:\documents and settings\administrator\local settings\temporary internet files\content.mso\mso2.tmp
Status: Allocation size mismatch (API: 1081344, Raw: 98304)
Path: c:\documents and settings\administrator\local settings\temporary internet files\content.word\~wrs{ae4cbd73-6f3e-4284-8d40-9409a93276d3}.tmp
Status: Allocation size mismatch (API: 1081344, Raw: 196608)
Re: Cannot log in - RSIT
I'd also like to ask for the Drivers tab.

Re: Cannot log in - RSIT

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/27 23:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================
Drivers
-------------------
Name:
Image Path:
Address: 0xF74B7000 Size: 98304 File Visible: No Signed: -
Status: -
Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF76E1000 Size: 53248 File Visible: - Signed: -
Status: -
Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF7999000 Size: 23552 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7543000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -
Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF7AED000 Size: 11648 File Visible: - Signed: -
Status: -
Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF749E000 Size: 101888 File Visible: - Signed: -
Status: -
Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7811000 Size: 42368 File Visible: - Signed: -
Status: -
Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF7821000 Size: 44928 File Visible: - Signed: -
Status: -
Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF7AF9000 Size: 12800 File Visible: - Signed: -
Status: -
Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF7751000 Size: 55168 File Visible: - Signed: -
Status: -
Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xF7721000 Size: 56960 File Visible: - Signed: -
Status: -
Name: aliide.sys
Image Path: aliide.sys
Address: 0xF7BD5000 Size: 5248 File Visible: - Signed: -
Status: -
Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xF77F1000 Size: 42752 File Visible: - Signed: -
Status: -
Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xF7801000 Size: 43008 File Visible: - Signed: -
Status: -
Name: amsint.sys
Image Path: amsint.sys
Address: 0xF7B05000 Size: 12032 File Visible: - Signed: -
Status: -
Name: asc.sys
Image Path: asc.sys
Address: 0xF7969000 Size: 26496 File Visible: - Signed: -
Status: -
Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xF79A1000 Size: 22400 File Visible: - Signed: -
Status: -
Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xF7B09000 Size: 14848 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF7AE9000 Size: 16384 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7C09000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7AE1000 Size: 12288 File Visible: - Signed: -
Status: -
Name: BtHidBus.sys
Image Path: BtHidBus.sys
Address: 0xF7B15000 Size: 13952 File Visible: - Signed: -
Status: -
Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xF7B11000 Size: 13952 File Visible: - Signed: -
Status: -
Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xF7BE1000 Size: 7680 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF737F000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF78F1000 Size: 49536 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF77B1000 Size: 53248 File Visible: - Signed: -
Status: -
Name: cledx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cledx.sys
Address: 0xF73AF000 Size: 57344 File Visible: - Signed: -
Status: -
Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xF7BDD000 Size: 6656 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7AE5000 Size: 9344 File Visible: - Signed: -
Status: -
Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xF7AF5000 Size: 14976 File Visible: - Signed: -
Status: -
Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xF7472000 Size: 179584 File Visible: - Signed: -
Status: -
Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xF7B01000 Size: 14720 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF77A1000 Size: 36352 File Visible: - Signed: -
Status: -
Name: DKbFltr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
Address: 0xF7AB1000 Size: 16896 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74CF000 Size: 153344 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7BDF000 Size: 5888 File Visible: - Signed: -
Status: -
Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xF79A9000 Size: 20192 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6FAB000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C1D000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF72E7000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7DDD000 Size: 4096 File Visible: - Signed: -
Status: -
Name: EMS7SK.sys
Image Path: C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
Address: 0xF7921000 Size: 61056 File Visible: - Signed: -
Status: -
Name: ESD7SK.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
Address: 0xF7931000 Size: 40064 File Visible: - Signed: -
Status: -
Name: ESM7SK.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
Address: 0xF71D9000 Size: 74752 File Visible: - Signed: -
Status: -
Name: Fastfat.sys
Image Path: Fastfat.sys
Address: 0xF741E000 Size: 143360 File Visible: - Signed: -
Status: -
Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF7453000 Size: 124800 File Visible: - Signed: -
Status: -
Name: framebuf.dll
Image Path: C:\WINDOWS\System32\framebuf.dll
Address: 0xBFF50000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7C05000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74F5000 Size: 125056 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FD000 Size: 134400 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF721C000 Size: 151552 File Visible: - Signed: -
Status: -
Name: hpn.sys
Image Path: hpn.sys
Address: 0xF79B9000 Size: 25952 File Visible: - Signed: -
Status: -
Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF7C01000 Size: 8192 File Visible: - Signed: -
Status: -
Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xF7979000 Size: 18560 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7911000 Size: 52736 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF78E1000 Size: 41856 File Visible: - Signed: -
Status: -
Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xF7B0D000 Size: 16000 File Visible: - Signed: -
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7BD7000 Size: 5504 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF76F1000 Size: 35840 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7AC1000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7BD1000 Size: 8192 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF7241000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7407000 Size: 92544 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7A01000 Size: 23040 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7701000 Size: 42240 File Visible: - Signed: -
Status: -
Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xF7971000 Size: 17280 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7A59000 Size: 19072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF72DF000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF73BF000 Size: 107904 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF73DA000 Size: 182912 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7A69000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Ntfs.SYS
Address: 0xF6FEB000 Size: 574592 File Visible: - Signed: -
Status: -
Name: NTIDrvr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
Address: 0xF7BEB000 Size: 6144 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CAF000 Size: 2944 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF76D1000 Size: 61056 File Visible: - Signed: -
Status: -
Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7C9A000 Size: 4096 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7959000 Size: 18688 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7532000 Size: 68224 File Visible: - Signed: -
Status: -
Name: PCI_PNP9406
Image Path: \Driver\PCI_PNP9406
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7C99000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7951000 Size: 28672 File Visible: - Signed: -
Status: -
Name: perc2.sys
Image Path: perc2.sys
Address: 0xF79B1000 Size: 27296 File Visible: - Signed: -
Status: -
Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xF7BE3000 Size: 5504 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF77C1000 Size: 37376 File Visible: - Signed: -
Status: -
Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xF7771000 Size: 40320 File Visible: - Signed: -
Status: -
Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xF7731000 Size: 33152 File Visible: - Signed: -
Status: -
Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xF7791000 Size: 45312 File Visible: - Signed: -
Status: -
Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xF7741000 Size: 40448 File Visible: - Signed: -
Status: -
Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xF7781000 Size: 49024 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF71A8000 Size: 196864 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7901000 Size: 57472 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF711C000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF7598000 Size: 98304 File Visible: - Signed: -
Status: -
Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xF77D1000 Size: 41088 File Visible: - Signed: -
Status: -
Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xF7961000 Size: 19072 File Visible: - Signed: -
Status: -
Name: spjj.sys
Image Path: spjj.sys
Address: 0xF75B0000 Size: 1048576 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF7441000 Size: 73472 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7BFB000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xF7989000 Size: 28384 File Visible: - Signed: -
Status: -
Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xF7991000 Size: 30688 File Visible: - Signed: -
Status: -
Name: symc810.sys
Image Path: symc810.sys
Address: 0xF7AFD000 Size: 16256 File Visible: - Signed: -
Status: -
Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xF7981000 Size: 32640 File Visible: - Signed: -
Status: -
Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF71EC000 Size: 192672 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7941000 Size: 40704 File Visible: - Signed: -
Status: -
Name: toside.sys
Image Path: toside.sys
Address: 0xF7BD9000 Size: 4992 File Visible: - Signed: -
Status: -
Name: UBHelper.sys
Image Path: UBHelper.sys
Address: 0xF7AF1000 Size: 13952 File Visible: - Signed: -
Status: -
Name: ultra.sys
Image Path: ultra.sys
Address: 0xF7761000 Size: 36736 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF7174000 Size: 209408 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7BF3000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7A09000 Size: 26624 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF739F000 Size: 57600 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF79C1000 Size: 17024 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF7264000 Size: 143360 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF7A41000 Size: 26496 File Visible: - Signed: -
Status: -
Name: vax347b.sys
Image Path: vax347b.sys
Address: 0xF7571000 Size: 159616 File Visible: - Signed: -
Status: -
Name: vax347s.sys
Image Path: vax347s.sys
Address: 0xF7BE5000 Size: 5248 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7A39000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF77E1000 Size: 42240 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7BDB000 Size: 5376 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS
Address: 0xF7098000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7711000 Size: 52352 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7A61000 Size: 20480 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xF7BAD000 Size: 8832 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7BD3000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -
Re: Cannot log in - RSIT
I don't know yet, I only have a bit of a hunch; I'll verify it tomorrow.
Tomorrow I'll go through the logs properly; I can't see straight anymore today.

Re: Cannot log in - RSIT
Try uninstalling Daemon or whatever you have.
Since when has it been doing this? Did you install anything or download any files?
Download Dr.Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
- run a scan; let it cure or delete whatever it finds
- the scan may take several hours
- File/Save results: save them as a text file and copy the contents here
Re: Cannot log in - RSIT
Hi, how are things going on your end?

-
- Exemplary visitor
- Posts: 130
- Registered: 29 Sep 2007 14:29
- Location: Ústecký kraj
- Contact user:
Re: Cannot log in - RSIT
When I run a full CureIt scan, it always ends in a BSOD halfway through.
But I have now managed to capture the text of the error message that is shown on the BSOD when I do not log in in safe mode.
It is this:
Code:
STOP: c00021a {Fatal System Error}
The WIndows SubSystem system process terminated unexpectedly with a status of 0xc000005 (0x7c91012b3 0x0073ec24)
The system has been shut down.