Problémy s asociáciou exe súborov atd (UPM Log)
Napsal: 09 čer 2010 16:34
Dobrý deň,
mám problémy s mojim win xp, napr:
-nejde spustit combofix (file is not associated..., folder c:\ is not accessible), upm som nainštaloval až po manuálnom vytvorení inštalačného adresára
-nejde tagovat hudba vo winampe, mnohé súbory nejdú prehrať, resp ani vložiť do playlistu (c:\xyz is not accessible, access denied)
-ponuka start->all programs často zamŕza a nie je funkčná
ps: manuálne som opravoval asociáciu exe súborov v registroch podľa návodu ale nepomohlo
:mám vypnuté system restore a preskenovaný celý PC comodo antivírom
Prikladám log z UPM, za každú pomoc alebo radu budem vďačný
ďakujem
Windows XP SP 2 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v
Log vygenerován: 6/9/2010 5:23:42 PM
================================================================
SmallARK
================================================================
[R]NtAdjustPrivilegesToken -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtClose -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtConnectPort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtCreateFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[?]NtCreateKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtCreatePort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtCreateSection -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtCreateSymbolicLinkObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtCreateThread -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtDeleteKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[?]NtDeleteValueKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtDuplicateObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtEnumerateKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtEnumerateValueKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtLoadDriver -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtMakeTemporaryObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtOpenFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtOpenKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtOpenProcess -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtOpenSection -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtOpenThread -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtQueryKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtQueryMultipleValueKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtQueryValueKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtRenameKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtRequestWaitReplyPort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtSecureConnectPort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtSetInformationFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtSetSecurityObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtSetSystemInformation -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtSetValueKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtShutdownSystem -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtSystemDebugControl -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtTerminateProcess -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtTerminateThread -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtWriteFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
Běžící procesy
================================================================
C:\WINDOWS.0\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
Scanner
================================================================
[R] gservice.exe
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3
[?] nvsvc32.exe
Non Microsoft v System32:
Soubor 7%
[?] sp_rsser.exe
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 9
Nemá okno
Soubor 70%
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
[R] TOTALCMD.EXE
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3
Po spuštění
================================================================
HKCU Run
|_ [R][Google Update] C:\Documents and Settings\Lukas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c
|_ [!][SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
|_ [R][GizmoDriveDelegate] C:\PROGRA~1\GIZMO\GDRIVE.DLL ,Remount_Startup_Images
HKLM Run
|_ [?][NvCplDaemon] C:\WINDOWS.0\system32\NvCpl.dll ,NvStartup
|_ [?][nwiz] nwiz.exe /install
|_ [?][NvMediaCenter] C:\WINDOWS.0\system32\NvMcTray.dll ,NvTaskbarInit
|_ [?][HGTXPEI] C:\WINDOWS.0\system32\FirstReboot.exe
|_ [X][SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint (Soubor nenalezen)
|_ [R][COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h
|_ [!][SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
|_ [?][UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
HKLM IC
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS.0\INF\wmp.inf ,PerUserStub
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Google Update Service (gupdate)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS
[?] NVIDIA Display Driver Service
|_ Cesta: C:\WINDOWS.0\system32\nvsvc32.exe
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Driver Helper Service, Version 61.77
| |_ MD5: E0F8F86EECAC5D01AF9BB4406A347178
|
|_ Jméno: NVSvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
[X] Secondary Logon
|_ Cesta: C:\WINDOWS.0\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 8F078AE4ED187AAABC0A305146DE6716
|
|_ ServiceDLL: C:\WINDOWS.0\System32\seclogon.dll
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: seclogon
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:
[!] Spyware Terminator Realtime Shield Service
|_ Cesta: C:\Program Files\Spyware Terminator\sp_rsser.exe
| |_ Výrobce: Crawler.com
| |_ Popis: Spyware Terminator Realtime Shield Service
| |_ MD5: 4A4A857713740E1564F0B7623493AF06
|
|_ Jméno: sp_rssrv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
[X] wscsvc
|_ Cesta: C:\WINDOWS.0\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 8F078AE4ED187AAABC0A305146DE6716
|
|_ ServiceDLL: C:\WINDOWS.0\system32\wscsvc.dll
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: wscsvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs
Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] MSI/Broadcom 440x 10/100 Integrated Controller XP Driver
|_ Cesta: C:\WINDOWS.0\system32\DRIVERS\bcm4sbxp.sys
| |_ Výrobce: Broadcom Corporation
| |_ Popis: Broadcom Corporation NDIS 5.1 ethernet driver
| |_ MD5: 068523D2CD260069B19AD68ADEA0D739
|
|_ Jméno: bcm4sbxp
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] C-Media WDM Audio Interface
|_ Cesta: C:\WINDOWS.0\system32\drivers\cmuda.sys
| |_ Výrobce: C-Media Inc
| |_ Popis: C-Media Audio WDM Driver
| |_ MD5: 521E6148BFDAB257CDEE9BF01FE72F1A
|
|_ Jméno: cmuda
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Hercules (R) WDM Audio Driver
|_ Cesta: C:\WINDOWS.0\system32\drivers\hercspud.sys
| |_ Výrobce: Hercules (R)
| |_ Popis: Hercules (R) WDM PCI Driver
| |_ MD5: E58601B468592F97CDB6C3DB11B314C6
|
|_ Jméno: hercspud
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Hercules (R) WDM Interface Driver
|_ Cesta: C:\WINDOWS.0\system32\drivers\hercwdm.sys
| |_ Výrobce: Hercules (R)
| |_ Popis: Hercules (R) WDM PCI Driver
| |_ MD5: 5B4A9FCC85EE8843003C069899ABA38C
|
|_ Jméno: hercwdm
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] nv
|_ Cesta: C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.77
| |_ MD5: 8E836672C1E476772CD18B7B4A671B4B
|
|_ Jméno: nv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] sptd
|_ Cesta: C:\WINDOWS.0\System32\Drivers\sptd.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: sptd
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Spyware Terminator Driver 2
|_ Cesta: C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
| |_ Výrobce: ?
| |_ Popis: ?
| |_ MD5: 8831252BCF05FCFB5ABD116A22E552D8
|
|_ Jméno: sp_rsdrv2
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] ViaIde
|_ Cesta: C:\WINDOWS.0\system32\DRIVERS\viaide.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic PCI IDE Bus Driver
| |_ MD5: 59CB1338AD3654417BEA49636457F65D
|
|_ Jméno: ViaIde
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1152) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (1568) svchost.exe 0.0.0.0:2869 LISTENING
TCP (600) alg.exe 127.0.0.1:1026 LISTENING
TCP (3032) firefox.exe 127.0.0.1:1279 <-> 127.0.0.1:1280 ESTABLISHED
TCP (3032) firefox.exe 127.0.0.1:1280 <-> 127.0.0.1:1279 ESTABLISHED
TCP (3032) firefox.exe 127.0.0.1:1282 <-> 127.0.0.1:1283 ESTABLISHED
TCP (3032) firefox.exe 127.0.0.1:1283 <-> 127.0.0.1:1282 ESTABLISHED
TCP (4) Systém 192.168.0.107:139 LISTENING
TCP (1260) cmdagent.exe 192.168.0.107:1275 CLOSE_WAIT
TCP (1260) cmdagent.exe 192.168.0.107:1276 CLOSE_WAIT
TCP (0) 192.168.0.107:1284 TIME_WAIT
TCP (0) 192.168.0.107:1288 TIME_WAIT
TCP (0) 192.168.0.107:1292 TIME_WAIT
TCP (3032) firefox.exe 192.168.0.107:1293 <-> 66.102.13.139:80 ESTABLISHED
TCP (3032) firefox.exe 192.168.0.107:1294 <-> 66.102.13.139:80 ESTABLISHED
TCP (3032) firefox.exe 192.168.0.107:1295 <-> 209.85.229.149:80 ESTABLISHED
TCP (3032) firefox.exe 192.168.0.107:1296 <-> 209.85.229.100:80 ESTABLISHED
TCP (3448) UPM.exe 192.168.0.107:1299 <-> 199.7.52.190:80 ESTABLISHED
TCP (0) 192.168.0.107:1310 TIME_WAIT
TCP (0) 192.168.0.107:1314 TIME_WAIT
TCP (0) 192.168.0.107:1315 TIME_WAIT
TCP (0) 192.168.0.107:1318 TIME_WAIT
TCP (0) 192.168.0.107:1319 TIME_WAIT
TCP (3032) firefox.exe 192.168.0.107:1320 <-> 65.254.250.109:80 ESTABLISHED
TCP (0) 192.168.0.107:1322 TIME_WAIT
TCP (0) 192.168.0.107:1323 TIME_WAIT
TCP (0) 192.168.0.107:1324 TIME_WAIT
TCP (0) 192.168.0.107:1329 TIME_WAIT
TCP (0) 192.168.0.107:1332 TIME_WAIT
TCP (3032) firefox.exe 192.168.0.107:1334 CLOSE_WAIT
TCP (3032) firefox.exe 192.168.0.107:1336 CLOSE_WAIT
TCP (3032) firefox.exe 192.168.0.107:1337 <-> 95.168.205.43:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 199.7.71.190:80 ESTABLISHED
UDP (920) lsass.exe 0.0.0.0:500
UDP (1468) svchost.exe 0.0.0.0:1025
UDP (1468) svchost.exe 0.0.0.0:1065
UDP (1468) svchost.exe 0.0.0.0:1291
UDP (1468) svchost.exe 0.0.0.0:1302
UDP (1468) svchost.exe 0.0.0.0:1304
UDP (1468) svchost.exe 0.0.0.0:1306
UDP (1468) svchost.exe 0.0.0.0:1308
UDP (920) lsass.exe 0.0.0.0:4500
UDP (1316) svchost.exe 127.0.0.1:123
UDP (1568) svchost.exe 127.0.0.1:1900
UDP (1316) svchost.exe 192.168.0.107:123
UDP (4) Systém 192.168.0.107:137
UDP (4) Systém 192.168.0.107:138
UDP (1568) svchost.exe 192.168.0.107:1900
Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 1FD6C03C0001A5E1EAF61596C2502F0C
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3032)
[?] nssdbm3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ MD5: 9DFB30F203999A3AE0F258A33FA598F9
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3032)
[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 26B018758226A5DC06DE45496C394D40
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3032)
Výpis souborů
================================================================
\System32:
[?] binkw32.dll 12 ncmpny, {2B422B0D}
[?] EndInstall.exe ENDINS~1.EXE 12 ncmpny, {C0BA4AC1}
[?] FirstReboot.exe FIRSTR~1.EXE 12 ncmpny, {B2C39644}
[?] GUStrLib.dll 7 no vrfy, {62D9F661}
[?] hercplgs.cpl 14 no vrfy, {9F6AD28D}
[?] HHACTIVEX.DLL HHACTI~1.DLL 7 no vrfy, {6542ED78}
[?] INETWH32.dll 7 no vrfy, {6E59F68C}
[?] keystone.exe 7 no vrfy, {1B4EB61B}
[?] nv4_disp.dll 7 no vrfy, {167BBB86}
[?] nvappbar.exe 14 no vrfy, {54C38DBD}
[?] nvcod.dll 7 no vrfy, {4468ABEB}
[?] nvcodins.dll 7 no vrfy, {4468ABEB}
[?] nvcpl.dll 14 no vrfy, {054B57FB}
[?] nvdspsch.exe 14 no vrfy, {AA8554BD}
[?] nview.dll 7 no vrfy, {5BF8152E}
[?] nvmctray.dll 7 no vrfy, {653AE8B8}
[?] nvnt4cpl.dll 14 no vrfy, {9F2CBBE2}
[?] nvoglnt.dll 7 no vrfy, {95478474}
[?] nvshell.dll 14 no vrfy, {C65FE3E0}
[?] nvsvc32.exe 7 no vrfy, {313EA9BA}
[?] nvtuicpl.cpl 14 no vrfy, {3920873C}
[?] nvudisp.exe 14 no vrfy, {B794B65F}
[?] nvwddi.dll 7 no vrfy, {B1AAEB6C}
[?] nvwdmcpl.dll 14 no vrfy, {A1BA008C}
[?] nwiz.exe 14 no vrfy, {2805B5B9}
[?] sfc_os.dll 12 ncmpny, {A8EACD83}
[?] UninstallXP.exe UNINST~1.EXE 12 ncmpny, {F129846D}
[?] uxtheme.dll 12 ncmpny, {28DB3E67}
\Drivers:
[?] sp_rsdrv2.sys SP_RSD~1.SYS 25 ncmpny, {0FB6D88F}
Access violations - HKCU
================================================================
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
mám problémy s mojim win xp, napr:
-nejde spustit combofix (file is not associated..., folder c:\ is not accessible), upm som nainštaloval až po manuálnom vytvorení inštalačného adresára
-nejde tagovat hudba vo winampe, mnohé súbory nejdú prehrať, resp ani vložiť do playlistu (c:\xyz is not accessible, access denied)
-ponuka start->all programs často zamŕza a nie je funkčná
ps: manuálne som opravoval asociáciu exe súborov v registroch podľa návodu ale nepomohlo
:mám vypnuté system restore a preskenovaný celý PC comodo antivírom
Prikladám log z UPM, za každú pomoc alebo radu budem vďačný
ďakujem
Windows XP SP 2 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v
Log vygenerován: 6/9/2010 5:23:42 PM
================================================================
SmallARK
================================================================
[R]NtAdjustPrivilegesToken -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtClose -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtConnectPort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtCreateFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[?]NtCreateKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtCreatePort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtCreateSection -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtCreateSymbolicLinkObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtCreateThread -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtDeleteKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[?]NtDeleteValueKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtDuplicateObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtEnumerateKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtEnumerateValueKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtLoadDriver -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtMakeTemporaryObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtOpenFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtOpenKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtOpenProcess -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtOpenSection -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtOpenThread -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtQueryKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtQueryMultipleValueKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtQueryValueKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtRenameKey -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtRequestWaitReplyPort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtSecureConnectPort -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtSetInformationFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtSetSecurityObject -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtSetSystemInformation -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtSetValueKey -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtShutdownSystem -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[R]NtSystemDebugControl -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtTerminateProcess -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
[R]NtTerminateThread -> C:\WINDOWS.0\system32\drivers\cmdguard.sys
[?]NtWriteFile -> C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
Běžící procesy
================================================================
C:\WINDOWS.0\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
Scanner
================================================================
[R] gservice.exe
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3
[?] nvsvc32.exe
Non Microsoft v System32:
Soubor 7%
[?] sp_rsser.exe
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 9
Nemá okno
Soubor 70%
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
[R] TOTALCMD.EXE
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3
Po spuštění
================================================================
HKCU Run
|_ [R][Google Update] C:\Documents and Settings\Lukas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c
|_ [!][SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
|_ [R][GizmoDriveDelegate] C:\PROGRA~1\GIZMO\GDRIVE.DLL ,Remount_Startup_Images
HKLM Run
|_ [?][NvCplDaemon] C:\WINDOWS.0\system32\NvCpl.dll ,NvStartup
|_ [?][nwiz] nwiz.exe /install
|_ [?][NvMediaCenter] C:\WINDOWS.0\system32\NvMcTray.dll ,NvTaskbarInit
|_ [?][HGTXPEI] C:\WINDOWS.0\system32\FirstReboot.exe
|_ [X][SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint (Soubor nenalezen)
|_ [R][COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h
|_ [!][SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
|_ [?][UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
HKLM IC
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS.0\INF\wmp.inf ,PerUserStub
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Google Update Service (gupdate)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS
[?] NVIDIA Display Driver Service
|_ Cesta: C:\WINDOWS.0\system32\nvsvc32.exe
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Driver Helper Service, Version 61.77
| |_ MD5: E0F8F86EECAC5D01AF9BB4406A347178
|
|_ Jméno: NVSvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
[X] Secondary Logon
|_ Cesta: C:\WINDOWS.0\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 8F078AE4ED187AAABC0A305146DE6716
|
|_ ServiceDLL: C:\WINDOWS.0\System32\seclogon.dll
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: seclogon
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:
[!] Spyware Terminator Realtime Shield Service
|_ Cesta: C:\Program Files\Spyware Terminator\sp_rsser.exe
| |_ Výrobce: Crawler.com
| |_ Popis: Spyware Terminator Realtime Shield Service
| |_ MD5: 4A4A857713740E1564F0B7623493AF06
|
|_ Jméno: sp_rssrv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
[X] wscsvc
|_ Cesta: C:\WINDOWS.0\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 8F078AE4ED187AAABC0A305146DE6716
|
|_ ServiceDLL: C:\WINDOWS.0\system32\wscsvc.dll
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: wscsvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs
Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] MSI/Broadcom 440x 10/100 Integrated Controller XP Driver
|_ Cesta: C:\WINDOWS.0\system32\DRIVERS\bcm4sbxp.sys
| |_ Výrobce: Broadcom Corporation
| |_ Popis: Broadcom Corporation NDIS 5.1 ethernet driver
| |_ MD5: 068523D2CD260069B19AD68ADEA0D739
|
|_ Jméno: bcm4sbxp
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] C-Media WDM Audio Interface
|_ Cesta: C:\WINDOWS.0\system32\drivers\cmuda.sys
| |_ Výrobce: C-Media Inc
| |_ Popis: C-Media Audio WDM Driver
| |_ MD5: 521E6148BFDAB257CDEE9BF01FE72F1A
|
|_ Jméno: cmuda
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Hercules (R) WDM Audio Driver
|_ Cesta: C:\WINDOWS.0\system32\drivers\hercspud.sys
| |_ Výrobce: Hercules (R)
| |_ Popis: Hercules (R) WDM PCI Driver
| |_ MD5: E58601B468592F97CDB6C3DB11B314C6
|
|_ Jméno: hercspud
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Hercules (R) WDM Interface Driver
|_ Cesta: C:\WINDOWS.0\system32\drivers\hercwdm.sys
| |_ Výrobce: Hercules (R)
| |_ Popis: Hercules (R) WDM PCI Driver
| |_ MD5: 5B4A9FCC85EE8843003C069899ABA38C
|
|_ Jméno: hercwdm
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] nv
|_ Cesta: C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.77
| |_ MD5: 8E836672C1E476772CD18B7B4A671B4B
|
|_ Jméno: nv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] sptd
|_ Cesta: C:\WINDOWS.0\System32\Drivers\sptd.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: sptd
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Spyware Terminator Driver 2
|_ Cesta: C:\WINDOWS.0\system32\drivers\sp_rsdrv2.sys
| |_ Výrobce: ?
| |_ Popis: ?
| |_ MD5: 8831252BCF05FCFB5ABD116A22E552D8
|
|_ Jméno: sp_rsdrv2
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] ViaIde
|_ Cesta: C:\WINDOWS.0\system32\DRIVERS\viaide.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic PCI IDE Bus Driver
| |_ MD5: 59CB1338AD3654417BEA49636457F65D
|
|_ Jméno: ViaIde
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1152) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (1568) svchost.exe 0.0.0.0:2869 LISTENING
TCP (600) alg.exe 127.0.0.1:1026 LISTENING
TCP (3032) firefox.exe 127.0.0.1:1279 <-> 127.0.0.1:1280 ESTABLISHED
TCP (3032) firefox.exe 127.0.0.1:1280 <-> 127.0.0.1:1279 ESTABLISHED
TCP (3032) firefox.exe 127.0.0.1:1282 <-> 127.0.0.1:1283 ESTABLISHED
TCP (3032) firefox.exe 127.0.0.1:1283 <-> 127.0.0.1:1282 ESTABLISHED
TCP (4) Systém 192.168.0.107:139 LISTENING
TCP (1260) cmdagent.exe 192.168.0.107:1275 CLOSE_WAIT
TCP (1260) cmdagent.exe 192.168.0.107:1276 CLOSE_WAIT
TCP (0) 192.168.0.107:1284 TIME_WAIT
TCP (0) 192.168.0.107:1288 TIME_WAIT
TCP (0) 192.168.0.107:1292 TIME_WAIT
TCP (3032) firefox.exe 192.168.0.107:1293 <-> 66.102.13.139:80 ESTABLISHED
TCP (3032) firefox.exe 192.168.0.107:1294 <-> 66.102.13.139:80 ESTABLISHED
TCP (3032) firefox.exe 192.168.0.107:1295 <-> 209.85.229.149:80 ESTABLISHED
TCP (3032) firefox.exe 192.168.0.107:1296 <-> 209.85.229.100:80 ESTABLISHED
TCP (3448) UPM.exe 192.168.0.107:1299 <-> 199.7.52.190:80 ESTABLISHED
TCP (0) 192.168.0.107:1310 TIME_WAIT
TCP (0) 192.168.0.107:1314 TIME_WAIT
TCP (0) 192.168.0.107:1315 TIME_WAIT
TCP (0) 192.168.0.107:1318 TIME_WAIT
TCP (0) 192.168.0.107:1319 TIME_WAIT
TCP (3032) firefox.exe 192.168.0.107:1320 <-> 65.254.250.109:80 ESTABLISHED
TCP (0) 192.168.0.107:1322 TIME_WAIT
TCP (0) 192.168.0.107:1323 TIME_WAIT
TCP (0) 192.168.0.107:1324 TIME_WAIT
TCP (0) 192.168.0.107:1329 TIME_WAIT
TCP (0) 192.168.0.107:1332 TIME_WAIT
TCP (3032) firefox.exe 192.168.0.107:1334 CLOSE_WAIT
TCP (3032) firefox.exe 192.168.0.107:1336 CLOSE_WAIT
TCP (3032) firefox.exe 192.168.0.107:1337 <-> 95.168.205.43:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 199.7.71.190:80 ESTABLISHED
UDP (920) lsass.exe 0.0.0.0:500
UDP (1468) svchost.exe 0.0.0.0:1025
UDP (1468) svchost.exe 0.0.0.0:1065
UDP (1468) svchost.exe 0.0.0.0:1291
UDP (1468) svchost.exe 0.0.0.0:1302
UDP (1468) svchost.exe 0.0.0.0:1304
UDP (1468) svchost.exe 0.0.0.0:1306
UDP (1468) svchost.exe 0.0.0.0:1308
UDP (920) lsass.exe 0.0.0.0:4500
UDP (1316) svchost.exe 127.0.0.1:123
UDP (1568) svchost.exe 127.0.0.1:1900
UDP (1316) svchost.exe 192.168.0.107:123
UDP (4) Systém 192.168.0.107:137
UDP (4) Systém 192.168.0.107:138
UDP (1568) svchost.exe 192.168.0.107:1900
Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 1FD6C03C0001A5E1EAF61596C2502F0C
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3032)
[?] nssdbm3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ MD5: 9DFB30F203999A3AE0F258A33FA598F9
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3032)
[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 26B018758226A5DC06DE45496C394D40
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3032)
Výpis souborů
================================================================
\System32:
[?] binkw32.dll 12 ncmpny, {2B422B0D}
[?] EndInstall.exe ENDINS~1.EXE 12 ncmpny, {C0BA4AC1}
[?] FirstReboot.exe FIRSTR~1.EXE 12 ncmpny, {B2C39644}
[?] GUStrLib.dll 7 no vrfy, {62D9F661}
[?] hercplgs.cpl 14 no vrfy, {9F6AD28D}
[?] HHACTIVEX.DLL HHACTI~1.DLL 7 no vrfy, {6542ED78}
[?] INETWH32.dll 7 no vrfy, {6E59F68C}
[?] keystone.exe 7 no vrfy, {1B4EB61B}
[?] nv4_disp.dll 7 no vrfy, {167BBB86}
[?] nvappbar.exe 14 no vrfy, {54C38DBD}
[?] nvcod.dll 7 no vrfy, {4468ABEB}
[?] nvcodins.dll 7 no vrfy, {4468ABEB}
[?] nvcpl.dll 14 no vrfy, {054B57FB}
[?] nvdspsch.exe 14 no vrfy, {AA8554BD}
[?] nview.dll 7 no vrfy, {5BF8152E}
[?] nvmctray.dll 7 no vrfy, {653AE8B8}
[?] nvnt4cpl.dll 14 no vrfy, {9F2CBBE2}
[?] nvoglnt.dll 7 no vrfy, {95478474}
[?] nvshell.dll 14 no vrfy, {C65FE3E0}
[?] nvsvc32.exe 7 no vrfy, {313EA9BA}
[?] nvtuicpl.cpl 14 no vrfy, {3920873C}
[?] nvudisp.exe 14 no vrfy, {B794B65F}
[?] nvwddi.dll 7 no vrfy, {B1AAEB6C}
[?] nvwdmcpl.dll 14 no vrfy, {A1BA008C}
[?] nwiz.exe 14 no vrfy, {2805B5B9}
[?] sfc_os.dll 12 ncmpny, {A8EACD83}
[?] UninstallXP.exe UNINST~1.EXE 12 ncmpny, {F129846D}
[?] uxtheme.dll 12 ncmpny, {28DB3E67}
\Drivers:
[?] sp_rsdrv2.sys SP_RSD~1.SYS 25 ncmpny, {0FB6D88F}
Access violations - HKCU
================================================================
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
tak to pôjdem vyskúšať,