I can't set the desktop background

Viruses and antivirus issues, PC security - firewall, spyware, etc.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

I can't set the background on the desktop... I had some viruses on the PC but I deleted them... then I couldn't start Task Manager, but I've already solved that, and this problem still remains... when I want to set the desktop via Properties, nothing works and it looks something like this

Image


so please help... thanks in advance
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: I can't set the desktop background

Post by BUBINO »

Good evening!

Post a HijackThis log here:
Download HJT to your desktop and install it: http://www.trendsecure.com/portal/en-US ... hijackthis

Open it and click "DO A SYSTEM SCAN AND SAVE A LOGFILE". The scan starts and the log immediately opens in Notepad. Copy it here.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

so here it is... I hope you'll help me

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:50, on 9.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Programy\AVGANT~1\avgamsvr.exe
D:\Programy\AVGANT~1\avgupsvc.exe
D:\Programy\AVGANT~1\avgemc.exe
D:\Programy\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\locator.exe
D:\Programy\Ochrana\Spyware Doctor\sdhelp.exe
D:\Programy\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\atiptaxx.exe
D:\Programy\AVGANT~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programy\ICQ\ICQ6\ICQ.exe
D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Programy\Opera\Opera.exe
D:\Programy\Winamp\winamp.exe
D:\Programy\Hijack\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Programy\Ochrana\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Programy\Ochrana\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\Programy\AVGANT~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "D:\Programy\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Programy\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Programy\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Programy\Ochrana\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48DFAA47-F7FD-4527-91B6-4DE08DA8B08D}: NameServer = 64.81.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F34B0661-943A-41A6-8D58-330C357A2943}: NameServer = 64.81.159.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{48DFAA47-F7FD-4527-91B6-4DE08DA8B08D}: NameServer = 64.81.159.2
O20 - Winlogon Notify: !SASWinLogon - D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgemc.exe
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Programy\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programy\Ochrana\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\Programy\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\Programy\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 7102 bytes
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Check these. Do the same as when you posted the log here, only this time ignore Notepad and focus on the HijackThis program. You have a window with entries in it. Each one has a checkbox on the left side; tick it for the selected entries and then click the FIX CHECKED button in the panel at the bottom. That deletes them.

Fix these:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{48DFAA47-F7FD-4527-91B6-4DE08DA8B08D}: NameServer = 64.81.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F34B0661-943A-41A6-8D58-330C357A2943}: NameServer = 64.81.159.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{48DFAA47-F7FD-4527-91B6-4DE08DA8B08D}: NameServer = 64.81.159.2


Start --> Run --> type services.msc and in the list of services find this service: MS Internet Countermeasures Framework
Double-click it and set it to Disabled. Disable it or stop it. Restart the computer.

Once you have restarted the computer, download the AVENGER program to your desktop ACCORDING TO THE GUIDE: http://www.viry.cz/forum/viewtopic.php?t=19832
Work your way to the white window and type into it the whole text in the white box:
Files to delete:
C:\WINDOWS\System32\svchost.exe:exe.exe
Continue with DONE, confirm with OK, and the computer will restart. After you log in to Windows, a log will open, which is also saved in C:\AVENGER.TXT
Copy it here.

After that, run ComboFix:

Download ComboFix
Restart the computer into safe mode.
During the scan your computer will be restarted.
After the restart it creates a log, saved in C:/Combofix.txt .
Post its contents here.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

that's kind of complicated, isn't it??? What is this actually about? Why doesn't my desktop work?
others, please give your opinion too
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

What's complicated? Your desktop doesn't work because you have leftovers from that junk on there. Do what I have just written to you.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

well, I found a simpler and effective solution... I wrote this into a text document:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-

I saved it as fix.reg and added it to the registry... everything works fine now
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

MS Internet Countermeasures Framework

A Trojan that is active.
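
The service named in the post above is registered in the HijackThis log with the image path C:\WINDOWS\System32\svchost.exe:exe.exe, which is NTFS alternate-data-stream syntax (a stream called exe.exe attached to svchost.exe) rather than an ordinary file. As an added example, not part of the original thread and not HijackThis code, this Python script parses O23 service lines and flags such paths; the function names are made up for illustration and the sample is an excerpt of the log posted earlier in the thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Excerpt of O23 lines from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgupsvc.exe
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: wampmysqld - Unknown owner - D:\Programy\wamp\mysql\bin\mysqld-nt.exe
"""

# O23 layout: "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


class Service(NamedTuple):
    name: str
    owner: str
    host_file: str          # file on disk that carries the service image
    stream: Optional[str]   # alternate data stream name, or None


def split_stream(path: str) -> Tuple[str, Optional[str]]:
    r"""Split 'C:\dir\file.exe:stream[:$DATA]' into (host file, stream name)."""
    path = path.strip().strip('"')
    drive, rest = path[:2], path[2:]            # keep the drive colon out of the test
    directory, sep, leaf = rest.rpartition("\\")
    if ":" not in leaf:
        return path, None                       # ordinary file, no stream
    file_name, _, stream = leaf.partition(":")
    stream_name = stream.split(":", 1)[0]       # drop an optional ":$DATA" suffix
    return drive + directory + sep + file_name, stream_name


def parse_services(log_text: str) -> List[Service]:
    """Return every O23 entry in the log as a Service record."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            host, stream = split_stream(m.group("path"))
            services.append(Service(m.group("name"), m.group("owner"), host, stream))
    return services


def ads_services(log_text: str) -> List[Service]:
    """Services whose image is an alternate data stream: the strong signal."""
    return [s for s in parse_services(log_text) if s.stream is not None]


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a closer look."""
    report: Dict[str, List[str]] = {}
    for s in parse_services(log_text):
        reasons = []
        if s.stream is not None:
            reasons.append("image is alternate data stream %r of %s" % (s.stream, s.host_file))
        if s.owner.lower() == "unknown owner":
            # Weak signal on its own: legitimate services in this log have it too.
            reasons.append("no publisher information")
        if reasons:
            report[s.name] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

In this excerpt "Unknown owner" also appears on ordinary services such as wampmysqld, so only the stream-backed image path singles out the one entry.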
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

ok, I'm on it; I'll post the needed things here in a moment
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rdcukxar

*******************

Script file located at: \??\C:\Documents and Settings\onvnbikw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not delete file C:\WINDOWS\System32\svchost.exe:exe.exe
Deletion of file C:\WINDOWS\System32\svchost.exe:exe.exe failed!

Could not process line:
C:\WINDOWS\System32\svchost.exe:exe.exe
Status: 0xc0000033


Completed script processing.

*******************

Finished! Terminate.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

and here is the ComboFix output

ComboFix 07-11-08.1 - prodigy 2007-11-10 1:10:26.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\prodigy\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\prodigy\Data aplikací\install.dat
C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\install.dat
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\away.exe.exe
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\dzgtactx.dll
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\vx.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ICF
-------\Driver
-------\ICF
-------\nm
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-10 00:43 60,416 --a------ C:\WINDOWS\system32\drivers\hiwctslb.sys
2007-11-10 00:43 60,416 --a------ C:\WINDOWS\system32\drivers\evymnecc.sys
2007-11-10 00:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 23:56 <DIR> d-------- C:\Temp
2007-11-09 17:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-09 12:00 1,530 --a------ C:\WINDOWS\system32\hosts32.dat
2007-11-09 12:00 14 --a------ C:\WINDOWS\system32\msguppi.dll
2007-11-06 16:40 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-01 14:21 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2007-11-01 13:05 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-01 13:01 797,184 --a--c--- C:\WINDOWS\system32\dllcache\d3dim700.dll
2007-11-01 13:01 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-11-01 13:01 24,064 --a--c--- C:\WINDOWS\system32\dllcache\ddrawex.dll
2007-11-01 13:01 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-10-30 09:51 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-28 21:41 <DIR> d-------- C:\www
2007-10-27 15:42 <DIR> d-------- C:\Program Files\DCPFLICS
2007-10-27 14:45 <DIR> d-------- C:\Program Files\Autodesk
2007-10-26 19:41 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-10-26 19:41 36,224 --a--c--- C:\WINDOWS\system32\dllcache\an983.sys
2007-10-21 15:51 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Šablony
2007-10-20 10:49 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Plocha
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Okolní tiskárny
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Okolní síť
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Oblíbené položky
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Nabídka Start
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Dokumenty
2007-10-20 10:49 <DIR> dr-h----- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-10-18 15:08 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-10-18 15:08 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-10-18 15:04 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-17 19:47 50,048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-10-17 13:32 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-10-17 13:22 <DIR> d-------- C:\Program Files\Common Files\Panda Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-10-21 10:14 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2020-10-21 10:09 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-09 23:43 118 ----a-w C:\Program Files\wtweocsj.txt
2007-11-09 16:25 --------- d-----w C:\Program Files\ICQToolbar
2007-11-09 16:25 --------- d-----w C:\Program Files\HP Travel Idea CD
2007-11-06 17:29 --------- d-----w C:\Program Files\ReadIris
2007-11-01 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 13:22 --------- d-----w C:\Program Files\Common Files\ChaosGroup
2007-11-01 13:03 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-10-30 08:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-15 12:44 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-10 15:12 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-09 08:58 --------- d-----w C:\Program Files\Google
2007-10-06 16:05 --------- d-----w C:\Program Files\TV JOJ Media Player
2007-10-01 17:19 --------- d-----w C:\Program Files\Best of My WaterWorks
2007-10-01 17:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-14 17:26 --------- d-----w C:\Program Files\ROUTE66
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="atiptaxx.exe" []
"AVG7_CC"="D:\Programy\AVGANT~1\avgcc.exe" [2007-10-27 16:07]
"ejnoyihm"="C:\gseiejlf.bat" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05]
"ICQ"="D:\Programy\ICQ\ICQ6\ICQ.exe" [2007-08-08 16:03]
"Spyware Doctor"="D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" [2006-01-10 18:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=D:\Programy\AVGANT~1\avgw.exe /RUNONCE
"Spyware Doctor"="D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programy\Ochrana\AntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^prodigy^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=C:\Documents and Settings\prodigy\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\LaunchPd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"D:\Programy\Deamon Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Programy\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Antispyware]
C:\DOCUME~1\prodigy\LOCALS~1\Temp\3.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\noskrnl]
C:\WINDOWS\noskrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Programy\Power DVD 5\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
C:\WINDOWS\System32\vedxg6ame4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"D:\Programy\SE PC Suite\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\Programy\Ochrana\AntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\WINDOWS\System32\kernelwind32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv12]
C:\WINDOWS\System32\newmaxxsv234.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"DCPFLICS"=2 (0x2)

R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\System32\DRIVERS\zebrceb.sys
S3 ATICDSDr;ATICDSDr;\??\C:\DOCUME~1\prodigy\LOCALS~1\Temp\ATICDSDr.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\k510obex.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\System32\noskrnl.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
S3 wampapache;wampapache;"D:\Programy\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;D:\Programy\wamp\mysql\bin\mysqld-nt.exe --defaults-file=D:\Programy\wamp\mysql\my.ini wampmysqld

.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 09:21:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1186647607.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 01:15:09
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 1:18:54
.
--- E O F ---
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

when, after all this, I ran a test with the PREVXCSIFREE.EXE program, it reported that I no longer have any bad file there... before, there was that svchost.exe:exe.exe or however it's actually written


http://csia0.prevx.com/individualcsires ... 6218&Opt=S
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

well, everything looks fine now, so big thanks BUBINO :wink:
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Nothing is fine yet. You have an awful lot of filth on there. I'll write up instructions right away.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

:o ok, I'm waiting

I also want to ask whether there is some good antivirus or antispyware for all of this, so that it doesn't happen to me again? I use AVG Free and Spyware Doctor
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

God, that's why you have it like this. Download a trial version of NOD or Kaspersky, install it, update it.

Start --> Run --> type regedit. Press Ctrl+F and search for this: ejnoyihm
This branch should come up: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
When you find it, simply delete it with DELETE. Select it and delete it.

Download the AVENGER tool to your desktop here: http://www.viry.cz/forum/viewtopic.php?t=19832
Following the guide, work your way to the white window and copy into it the whole text in the white box below:
Files to delete:
C:\WINDOWS\system32\drivers\hiwctslb.sys
C:\WINDOWS\system32\drivers\evymnecc.sys
C:\WINDOWS\system32\hosts32.dat
C:\WINDOWS\system32\msguppi.dll
C:\WINDOWS\iun6002.exe
C:\Program Files\wtweocsj.txt
C:\WINDOWS\System32\noskrnl.sys
C:\WINDOWS\noskrnl.exe
C:\gseiejlf.bat
C:\WINDOWS\System32\kernelwind32.exe
C:\WINDOWS\System32\newmaxxsv234.exe
C:\Windows\xpupdate.exe
Continue with DONE, click the traffic light, continue with OK, and the PC will restart.
After you log in to the system it will show a log; post it here. It is also saved in C:\AVENGER.TXT

After you have done this, start Notepad via Start - Programs - Accessories and copy this whole text into it:

File::
C:\WINDOWS\system32\drivers\hiwctslb.sys
C:\WINDOWS\system32\drivers\evymnecc.sys
C:\WINDOWS\system32\hosts32.dat
C:\WINDOWS\system32\msguppi.dll
C:\WINDOWS\iun6002.exe
C:\Program Files\wtweocsj.txt
C:\WINDOWS\System32\noskrnl.sys
C:\WINDOWS\noskrnl.exe
C:\gseiejlf.bat
C:\WINDOWS\System32\kernelwind32.exe
C:\WINDOWS\System32\newmaxxsv234.exe
C:\Windows\xpupdate.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\noskrnl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv12]
Choose Save As, name the file CFScript.txt and choose Save as type: All Files. Save the file to the desktop.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.


Image

ComboFix starts automatically; post here the log that appears at the end of the cleaning process.

Post the ComboFix log here.

Test these on virustotal.com:
C:\WINDOWS\System32\PavSRK.sys
C:\WINDOWS\System32\PavTPK.sys
D:\Programy\wamp\apache2\bin\httpd.exe
D:\Programy\wamp\mysql\bin\mysqld-nt.exe

Post the results here.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

it didn't find that ejnoyihm for me, but I continued with the instructions... here is the Avenger log for now

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wictrkuf

*******************

Script file located at: \??\C:\Documents and Settings\phbefeip.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hiwctslb.sys deleted successfully.
File C:\WINDOWS\system32\drivers\evymnecc.sys deleted successfully.
File C:\WINDOWS\system32\hosts32.dat deleted successfully.
File C:\WINDOWS\system32\msguppi.dll deleted successfully.
File C:\WINDOWS\iun6002.exe deleted successfully.
File C:\Program Files\wtweocsj.txt deleted successfully.


File C:\WINDOWS\System32\noskrnl.sys not found!
Deletion of file C:\WINDOWS\System32\noskrnl.sys failed!

Could not process line:
C:\WINDOWS\System32\noskrnl.sys
Status: 0xc0000034



File C:\WINDOWS\noskrnl.exe not found!
Deletion of file C:\WINDOWS\noskrnl.exe failed!

Could not process line:
C:\WINDOWS\noskrnl.exe
Status: 0xc0000034



File C:\gseiejlf.bat not found!
Deletion of file C:\gseiejlf.bat failed!

Could not process line:
C:\gseiejlf.bat
Status: 0xc0000034



File C:\WINDOWS\System32\kernelwind32.exe not found!
Deletion of file C:\WINDOWS\System32\kernelwind32.exe failed!

Could not process line:
C:\WINDOWS\System32\kernelwind32.exe
Status: 0xc0000034



File C:\WINDOWS\System32\newmaxxsv234.exe not found!
Deletion of file C:\WINDOWS\System32\newmaxxsv234.exe failed!

Could not process line:
C:\WINDOWS\System32\newmaxxsv234.exe
Status: 0xc0000034



File C:\Windows\xpupdate.exe not found!
Deletion of file C:\Windows\xpupdate.exe failed!

Could not process line:
C:\Windows\xpupdate.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

but NOD and Kaspersky are both only for 30 days

here is the ComboFix log

ComboFix 07-11-08.1 - prodigy 2007-11-10 14:05:41.4 - NTFSx86
Running from: D:\Programy\Ochrana\ComboFix.exe
Command switches used :: C:\Documents and Settings\prodigy\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\gseiejlf.bat
C:\Program Files\wtweocsj.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\noskrnl.exe
C:\WINDOWS\system32\drivers\evymnecc.sys
C:\WINDOWS\system32\drivers\hiwctslb.sys
C:\WINDOWS\system32\hosts32.dat
C:\WINDOWS\System32\kernelwind32.exe
C:\WINDOWS\system32\msguppi.dll
C:\WINDOWS\System32\newmaxxsv234.exe
C:\WINDOWS\System32\noskrnl.sys
C:\Windows\xpupdate.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-10 13:22 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\Comodo
2007-11-10 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Comodo
2007-11-10 00:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Prevx
2007-11-09 23:56 <DIR> d-------- C:\Temp
2007-11-09 17:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-06 16:40 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-05 18:15 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\AdobeUM
2007-11-04 13:07 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\InstallShield
2007-11-01 14:21 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2007-11-01 13:05 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-01 13:01 797,184 --a--c--- C:\WINDOWS\system32\dllcache\d3dim700.dll
2007-11-01 13:01 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-11-01 13:01 24,064 --a--c--- C:\WINDOWS\system32\dllcache\ddrawex.dll
2007-11-01 13:01 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-10-30 09:51 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-30 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2007-10-28 21:41 <DIR> d-------- C:\www
2007-10-27 15:42 <DIR> d-------- C:\Program Files\DCPFLICS
2007-10-27 14:45 <DIR> d-------- C:\Program Files\Autodesk
2007-10-26 19:41 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-10-26 19:41 36,224 --a--c--- C:\WINDOWS\system32\dllcache\an983.sys
2007-10-20 16:10 <DIR> d-------- C:\Documents and Settings\Luk1\Data aplikací\MEGAUPLOADTOOLBAR
2007-10-20 16:10 <DIR> d-------- C:\Documents and Settings\Luk1\Data aplikací\ICQ
2007-10-20 16:09 <DIR> d-------- C:\Documents and Settings\Luk1\Data aplikací\AVG7
2007-10-20 14:04 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\ICQ
2007-10-20 10:52 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\MEGAUPLOADTOOLBAR
2007-10-20 10:50 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\Share-to-Web Upload Folder
2007-10-20 10:50 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\AVG7
2007-10-20 10:49 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Plocha
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Okolní tiskárny
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Okolní síť
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Oblíbené položky
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Šablony
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Nabídka Start
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Dokumenty
2007-10-20 10:49 <DIR> dr-h----- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-10-18 15:08 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-10-18 15:08 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-10-18 15:04 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-17 19:51 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\RapidGet
2007-10-17 19:47 50,048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-10-17 19:46 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\PC Tools
2007-10-17 14:21 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\AVG7
2007-10-17 14:19 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2007-10-17 13:32 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-10-17 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2007-10-17 13:22 <DIR> d-------- C:\Program Files\Common Files\Panda Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-10-21 10:14 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2020-10-21 10:09 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-09 16:25 --------- d-----w C:\Program Files\ICQToolbar
2007-11-09 16:25 --------- d-----w C:\Program Files\HP Travel Idea CD
2007-11-09 10:14 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
2007-11-06 17:29 --------- d-----w C:\Program Files\ReadIris
2007-11-01 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 13:22 --------- d-----w C:\Program Files\Common Files\ChaosGroup
2007-11-01 13:03 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-10-30 08:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-18 14:05 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-10-17 13:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-10-15 12:44 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-12 17:18 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\ICQ
2007-10-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-10-10 15:12 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-09 08:58 --------- d-----w C:\Program Files\Google
2007-10-07 11:27 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\MegauploadToolbar
2007-10-06 16:05 --------- d-----w C:\Program Files\TV JOJ Media Player
2007-10-03 16:51 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\vlc
2007-10-01 17:19 --------- d-----w C:\Program Files\Best of My WaterWorks
2007-10-01 17:10 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\SUPERAntiSpyware.com
2007-10-01 17:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2007-10-01 17:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 11:38 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\Sony
2007-09-28 15:57 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\FlashFXP
2007-09-28 15:54 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Macrovision
2007-09-23 16:19 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\MSN6
2007-09-20 12:35 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
2007-09-18 13:28 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\CyberLink
2007-09-15 15:07 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-14 17:26 --------- d-----w C:\Program Files\ROUTE66
.

((((((((((((((((((((((((((((( snapshot@2007-11-10_ 1.16.36.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-09 23:33:12 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-10 12:37:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-09 23:33:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-10 12:37:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-09 23:35:00 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-10 12:37:25 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-10 12:18:04 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-11-10 12:18:04 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="atiptaxx.exe" []
"AVG7_CC"="D:\Programy\AVGANT~1\avgcc.exe" [2007-10-27 16:07]
"COMODO Firewall Pro"="D:\Programy\Ochrana\Comodo\Firewall\CPF.exe" [2007-11-10 13:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05]
"ICQ"="D:\Programy\ICQ\ICQ6\ICQ.exe" [2007-08-08 16:03]
"Spyware Doctor"="D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" [2006-01-10 18:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=D:\Programy\AVGANT~1\avgw.exe /RUNONCE
"Spyware Doctor"="D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" /Q

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp instant support.lnk - C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe [2007-08-09 09:18:53]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-05-29 13:57:06]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-05-29 13:57:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programy\Ochrana\AntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^prodigy^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=C:\Documents and Settings\prodigy\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\LaunchPd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"D:\Programy\Deamon Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ejnoyihm]
C:\gseiejlf.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Programy\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Antispyware]
C:\DOCUME~1\prodigy\LOCALS~1\Temp\3.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Programy\Power DVD 5\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"D:\Programy\SE PC Suite\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\Programy\Ochrana\AntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"DCPFLICS"=2 (0x2)

R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\System32\DRIVERS\zebrceb.sys
S3 ATICDSDr;ATICDSDr;\??\C:\DOCUME~1\prodigy\LOCALS~1\Temp\ATICDSDr.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\k510obex.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\System32\noskrnl.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
S3 wampapache;wampapache;"D:\Programy\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;D:\Programy\wamp\mysql\bin\mysqld-nt.exe --defaults-file=D:\Programy\wamp\mysql\my.ini wampmysqld

.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 09:21:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1186647607.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 14:08:42
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 14:09:38
C:\ComboFix2.txt ... 2007-11-10 01:18
.
--- E O F ---
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

and I don't even have those PavSRK.sys and PavTPK.sys in the system32 folder, and for the other two the site reported that they are fine...nothing flagged them as a virus or anything like that
fonseka
Newbie
Registered: 09 Nov 2007

Post by fonseka »

I'm also adding a new log from HijackThis here...maybe it will help...I don't understand it much, but it looks like it's not there anymore

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:19, on 10.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Programy\AVGANT~1\avgamsvr.exe
D:\Programy\AVGANT~1\avgupsvc.exe
D:\Programy\AVGANT~1\avgemc.exe
D:\Programy\Ochrana\Comodo\Firewall\cmdagent.exe
D:\Programy\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\locator.exe
D:\Programy\Ochrana\Spyware Doctor\sdhelp.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\atiptaxx.exe
D:\Programy\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
D:\Programy\AVGANT~1\avgcc.exe
D:\Programy\Ochrana\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
D:\Programy\Opera\Opera.exe
D:\Programy\ICQ\ICQ6\ICQ.exe
D:\Programy\Hijack\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Programy\Ochrana\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Programy\Ochrana\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\Programy\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Programy\Ochrana\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "D:\Programy\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Programy\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Programy\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Programy\Ochrana\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Programy\AVGANT~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programy\Ochrana\Comodo\Firewall\cmdagent.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Programy\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programy\Ochrana\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\Programy\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\Programy\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 6564 bytes