A friend said it's quite a lot. I already know how to get into msconfig, but I don't know which ones to remove and which not. HELP pls, thanks
Windows Vista SP 1 (build 6001)
Boot Mode: Normal
Microsoft files verification: Yes
Whitelist: Yes
Internet Explorer v7.00.6000.16386 (vista_rtm.061101-2205)
Log generated:26.1.2009 21:21:56
================================================================
Running processes
================================================================
C:\WINDOWS\SYSTEM32\NVVSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\STWRT.INF_A7E996CD\STACSV.EXE
(rootkit?) audiodg.exe
C:\WINDOWS\SYSTEM32\HPSERVICE.EXE
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\STWRT.INF_A7E996CD\AESTSRV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\IDT\WDM\STTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP HEALTH CHECK\HPHC_SERVICE.EXE
C:\PROGRAM FILES\QIP\QIP.EXE
Scanner
================================================================
[?] nvvsvc.exe
Non Microsoft in System32:
No window
[?] stacsv.exe
Non Microsoft in System32:
No window
[S] audiodg.exe
Open Process failed
ROOTKIT? Hidden path
Startup entry HKCU Run [Sidebar]
Can not open
[S] SLsvc.exe
EntryPoint in section: .TEXT
|_ Section count: 5
[S] rundll32.exe
Startup entry HKLM Run [NvCplDaemon]
[?] hpservice.exe
Non Microsoft in System32:
No window
[?] AEstSrv.exe
Non Microsoft in System32:
No window
[?] AppleMobileDeviceService.exe
No window
File 7%
[?] mDNSResponder.exe
No window
File 7%
[R] DpAgent.exe
Startup entry HKLM Run [DpAgent]
[S] explorer.exe
Startup entry HKLM Winlogon [Shell]
[S] rundll32.exe
Startup entry HKLM Run [NvCplDaemon]
[R] SynTPEnh.exe
Startup entry HKLM Run [SynTPEnh]
[R] IAAnotif.exe
Startup entry HKLM Run [IAAnotif]
[R] QLBCTRL.exe
Startup entry HKLM Run [QlbCtrl.exe]
[R] HPKBDAPP.exe
Startup entry HKLM Run [OnScreenDisplay]
[R] hpwuSchd2.exe
Startup entry HKLM Run [HP Software Update]
[R] HPWAMain.exe
Startup entry HKLM Run [hpWirelessAssistant]
[R] jusched.exe
Startup entry HKLM Run [SunJavaUpdateSched]
[R] nod32kui.exe
Startup entry HKLM Run [nod32kui]
[?] sttray.exe
Startup entry HKLM Run [SysTrayApp]
[S] sidebar.exe
Startup entry HKCU Run [Sidebar]
[S] ehtray.exe
Startup entry HKCU Run [ehTray.exe]
[R] BTTray.exe
Startup entry Startup []
[S] sidebar.exe
Startup entry HKCU Run [Sidebar]
[?] HPHC_Service.exe
EntryPoint in section:
|_ Section count: 3
Module faked path: (00E10000) [DLL] ?
No window
File 7%
[?] qip.exe
EntryPoint in section: CODE
|_ Section count: 8
File 63%
[R] realsched.exe
Startup entry HKLM Run [TkBellExe]
Startup
================================================================
HKCU Run
|_ [S][Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
|_ [X][ICQ] C:\Program Files\ICQ6.5\ICQ.exe silent (File not found)
HKLM Run
|_ [R][NvCplDaemon] C:\Windows\system32\NvCpl.dll ,NvStartup
|_ [R][NvMediaCenter] C:\Windows\system32\NvMcTray.dll ,NvTaskbarInit
|_ [R][QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
|_ [R][nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
|_ [?][SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
|_ [?][SMail] C:\Program Files\Seznam\Postak\Postak.exe
|_ [R][TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (File not found)
HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File not found)
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
Startup
|_ C:\Users\Airhuri\Desktop\Remind.exe (File not found)
|_ [X][Evan's Calendar Reminder.lnk] C:\Users\Airhuri\Desktop\Remind.exe (File not found)
HKLM BHO
|_ [X][{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] (File not found)
|_ [X][{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (File not found)
HKCU IE WebBrowser Toolbar
|_ [X][{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (File not found)
|_ [X][{32099AAC-C132-4136-9E9A-4E364A424E17}] (File not found)
HKLM IE Toolbar
|_ [X][{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (File not found)
Services (Display running: True, Display stopped: False, Display safe: False)
================================================================
[?] Andrea ST Filters Service
|_ Path: C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
| |_ Manufacturer: Andrea Electronics Corporation
| |_ Description: Andrea filters APO access service (32-bit)
| |_ MD5: 3B1B2EE9DF189F6BBB080BF393D1B2EE
|
|_ Name: AESTFilters
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[?] Apple Mobile Device
|_ Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
| |_ Manufacturer: Apple, Inc.
| |_ Description: Apple Mobile Device Service
| |_ MD5: 1961CB10BB48EB4D97E37DB6373E9E63
|
|_ Name: Apple Mobile Device
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency: Tcpip
[?] Bonjour Service
|_ Path: C:\Program Files\Bonjour\mDNSResponder.exe
| |_ Manufacturer: Apple Inc.
| |_ Description: Bonjour Service
| |_ MD5: CFD4C3352E29A8B729536648466E8DF5
|
|_ Name: Bonjour Service
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency: Tcpip
[?] HP Health Check Service
|_ Path: c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
| |_ Manufacturer: Hewlett-Packard
| |_ Description: HP Health Check Service
| |_ MD5: 89F9E1984C1CD9E5F4FE39642D886E11
|
|_ Name: HP Health Check Service
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[?] HP Service
|_ Path: C:\Windows\system32\Hpservice.exe
| |_ Manufacturer: Hewlett-Packard Corporation
| |_ Description: HpService
| |_ MD5: 6D0AC28C5BD8D8495F83F5929A45E559
|
|_ Name: hpsrv
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[?] NVIDIA Display Driver Service
|_ Path: C:\Windows\system32\nvvsvc.exe
| |_ Manufacturer: NVIDIA Corporation
| |_ Description: NVIDIA Driver Helper Service, Version 175.86
| |_ MD5: CC0AA0355DED3D34B7D975B6815CF30A
|
|_ Name: nvsvc
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency: nvlddmkm
[?] Audio Service
|_ Path: C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
| |_ Manufacturer: IDT, Inc.
| |_ Description: IDT PC Audio
| |_ MD5: EC9C5F6C0F58446545D839BC11A3692B
|
|_ Name: STacSV
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
Drivers (Display running: True, Display stopped: False, Display safe: False)
================================================================
[?] HP DVB-T TV Tuner
|_ Path: C:\Windows\System32\Drivers\AVerAF15.sys
| |_ Manufacturer: AVerMedia TECHNOLOGIES, Inc.
| |_ Description: AVerAF15 Driver
| |_ MD5: 69A7CE53FFA89E0116FAF5369384BBE5
|
|_ Name: AVerAF15
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] ENE CIR Receiver
|_ Path: C:\Windows\system32\DRIVERS\enecir.sys
| |_ Manufacturer: ENE TECHNOLOGY INC.
| |_ Description: ENE CIR Driver for eHome
| |_ MD5: 4CD6B056C5FD9E97C06FE74C81479517
|
|_ Name: enecir
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] HpqKbFilter Driver
|_ Path: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
| |_ Manufacturer: Hewlett-Packard Development Company, L.P.
| |_ Description: HpqKbFiltr Keyboard Filter Driver
| |_ MD5: 35956140E686D53BF676CF0C778880FC
|
|_ Name: HpqKbFiltr
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] JMCR
|_ Path: C:\Windows\system32\DRIVERS\jmcr.sys
| |_ Manufacturer: JMicron Technology Corp.
| |_ Description: JMicron JMB38X Memory Card Reader Driver
| |_ MD5: 858C550EBBD243826A2193262C1B54A3
|
|_ Name: JMCR
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] nvlddmkm
|_ Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
| |_ Manufacturer: NVIDIA Corporation
| |_ Description: NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.86
| |_ MD5: CEF89AD9AAABF89C9C36C65ADC62F1ED
|
|_ Name: nvlddmkm
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] Realtek 8169 NT Driver
|_ Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
| |_ Manufacturer: Realtek Corporation
| |_ Description: Realtek 8101E/8168/8169 NDIS6 32-bit Driver
| |_ MD5: 7157E70A90CCE49DEB8885D23A073A39
|
|_ Name: RTL8169
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] sptd
|_ Path: C:\Windows\System32\Drivers\sptd.sys
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: sptd
|_ StartName:
|_ Startup type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] IDT High Definition Audio CODEC
|_ Path: C:\Windows\system32\DRIVERS\stwrt.sys
| |_ Manufacturer: IDT, Inc.
| |_ Description: IDT PC Audio
| |_ MD5: 21CC262AB5F42F7A6B91DC7304C2F267
|
|_ Name: STHDA
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
Modules (Display safe: False, Only without manufacturer: True, Display registered: False)
================================================================
[?] mdnsnsp.dll
|_ Path: C:\Program Files\Bonjour\mdnsNSP.dll
|_ MD5: EDDEC321B128328BC370A5447F7F8D69
|_ Manufacturer: Apple Inc.
|_ Processes
|_ svchost.exe (1128)
|_ svchost.exe (1492)
|_ svchost.exe (1712)
|_ spoolsv.exe (1968)
|_ nod32krn.exe (2272)
|_ jusched.exe (3676)
|_ sidebar.exe (2292)
|_ sidebar.exe (4120)
|_ qip.exe (1516)
|_ firefox.exe (484)
|_ UPM.exe (1448)
[?] dphmatch.dll
|_ Path: C:\Windows\System32\dpHMatch.dll
|_ MD5: 10CB62BADA9A5FC60036D0F62ACBEE0D
|_ Manufacturer: DigitalPersona, Inc.
|_ Processes
|_ DpHostW.exe (2020)
[?] dphftrex.dll
|_ Path: C:\Windows\System32\dpHFtrEx.dll
|_ MD5: D33752F6180270B48AAEC140A79AA95B
|_ Manufacturer: DigitalPersona, Inc.
|_ Processes
|_ DpHostW.exe (2020)
[?] pluginraid_csy.dll
|_ Path: C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_CSY.dll
|_ MD5: 41F4D0A510B0C4AED1D679C1F3D9048A
|_ Manufacturer: Intel Corporation
|_ Processes
|_ IAANTmon.exe (2076)
[?] isdi.dll
|_ Path: C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
|_ MD5: 974EE55B9A17D606A783ADD021AA65AD
|_ Manufacturer: Intel Corporation
|_ Processes
|_ IAANTmon.exe (2076)
|_ IAAnotif.exe (3332)
[?] nod32krr.dll
|_ Path: C:\Program Files\ESET\nod32krr.dll
|_ MD5: EE05D8FB21CDC4F0939B75BFC3F1B3B9
|_ Manufacturer: Eset
|_ Processes
|_ nod32krn.exe (2272)
[?] pr_upd.dll
|_ Path: C:\Program Files\ESET\pr_upd.dll
|_ MD5: CED01516B7F726874595CAA8F16E0E0A
|_ Manufacturer:
|_ Processes
|_ nod32krn.exe (2272)
|_ nod32kui.exe (3416)
[?] pr_amon.dll
|_ Path: C:\Program Files\ESET\pr_amon.dll
|_ MD5: DD2EA02F095981652DF66D2AF9A69094
|_ Manufacturer: Eset
|_ Processes
|_ nod32krn.exe (2272)
|_ nod32kui.exe (3416)
[?] pr_nod32.dll
|_ Path: C:\Program Files\ESET\pr_nod32.dll
|_ MD5: CD0D69080FD066D56E3FF328319131AC
|_ Manufacturer: Eset
|_ Processes
|_ nod32krn.exe (2272)
|_ nod32kui.exe (3416)
[?] pr_imon.dll
|_ Path: C:\Program Files\ESET\pr_imon.dll
|_ MD5: E367058BB58A44B817A1C26A98A472C8
|_ Manufacturer:
|_ Processes
|_ nod32krn.exe (2272)
|_ nod32kui.exe (3416)
[?] pr_dmon.dll
|_ Path: C:\Program Files\ESET\pr_dmon.dll
|_ MD5: E440C26F795C58BD53A9DAF9C89249D6
|_ Manufacturer:
|_ Processes
|_ nod32krn.exe (2272)
|_ nod32kui.exe (3416)
[?] pr_emon.dll
|_ Path: C:\Program Files\ESET\pr_emon.dll
|_ MD5: F17588F8BDB8EDA20257598847144A36
|_ Manufacturer:
|_ Processes
|_ nod32krn.exe (2272)
|_ nod32kui.exe (3416)
[?] ststring.dll
|_ Path: C:\Windows\SMINST\STString.dll
|_ MD5: A80F29D1DB2321C937D65DCA0EE4E032
|_ Manufacturer: ?
|_ Processes
|_ BLService.exe (2388)
[?] stvdsdisks.dll
|_ Path: C:\Windows\SMINST\STVdsDisks.dll
|_ MD5: 487611EF7C7D4D31BFE18B890F4DFF85
|_ Manufacturer: SoftThinks
|_ Processes
|_ BLService.exe (2388)
[?] stsystems.dll
|_ Path: C:\Windows\SMINST\STSystems.dll
|_ MD5: E98444D0CB6459A750FB594B31194F7C
|_ Manufacturer: SoftThinks
|_ Processes
|_ BLService.exe (2388)
[?] stwmim.dll
|_ Path: C:\Windows\SMINST\STWmiM.dll
|_ MD5: F2DC53CF413BF5AE7491C4D2A188D022
|_ Manufacturer: ?
|_ Processes
|_ BLService.exe (2388)
[?] stdisks.dll
|_ Path: C:\Windows\SMINST\STDisks.dll
|_ MD5: 443AC12BCAC09A14DD5D665A2278565F
|_ Manufacturer: SoftThinks
|_ Processes
|_ BLService.exe (2388)
[?] btmmhook.dll
|_ Path: C:\Windows\System32\BtMmHook.dll
|_ MD5: 1ED5D5FE6A0020A3E7598B4FFE6CEED3
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ dwm.exe (4016)
|_ explorer.exe (4080)
|_ MSASCui.exe (2680)
|_ nod32kui.exe (3416)
|_ sidebar.exe (2292)
|_ BTTray.exe (3908)
|_ qip.exe (1516)
|_ msconfig.exe (2580)
|_ taskmgr.exe (4528)
|_ firefox.exe (484)
|_ UPM.exe (1448)
[?] btkeyind.dll
|_ Path: C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
|_ MD5: 1D4F1A6573E7F76288DEEA041DF290AC
|_ Manufacturer:
|_ Processes
|_ explorer.exe (4080)
|_ sidebar.exe (2292)
|_ BTTray.exe (3908)
|_ qip.exe (1516)
|_ msconfig.exe (2580)
|_ taskmgr.exe (4528)
|_ firefox.exe (484)
[?] btncopy.dll
|_ Path: C:\Windows\System32\BTNCopy.dll
|_ MD5: 8A14B45CF9B32C5906A28BBE2CFFEE09
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ explorer.exe (4080)
[?] nod32rui.dll
|_ Path: C:\Program Files\ESET\nod32rui.dll
|_ MD5: 4655C9716D8781609CAAA1C0473A69D8
|_ Manufacturer:
|_ Processes
|_ nod32kui.exe (3416)
[?] btwhidcs.dll
|_ Path: C:\Windows\System32\btwhidcs.dll
|_ MD5: 0B5EAF33A4259DD984D031473F4D7828
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTTray.exe (3908)
[?] btballoon.dll
|_ Path: C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
|_ MD5: BD757AB0C952B7D7F7DB1C276DF7FFDC
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTTray.exe (3908)
[?] btrez.dll
|_ Path: C:\Windows\System32\btrez.dll
|_ MD5: E9FEEFF6406FA439D479268FEC8689D2
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTTray.exe (3908)
[?] btwapi.dll
|_ Path: C:\Windows\System32\btwapi.dll
|_ MD5: 15369197D84824FC3B1E4DAE5FFF3A32
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTTray.exe (3908)
[?] btosif_olx.dll
|_ Path: C:\Windows\System32\btosif_olx.dll
|_ MD5: BD0118AF95311F78F5A53F3842B5ED7C
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTStackServer.exe (4496)
[?] btosif_ol.dll
|_ Path: C:\Windows\System32\btosif_ol.dll
|_ MD5: 82247E1B7CC9951112AA24506C6D148B
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTStackServer.exe (4496)
[?] btosif_notes.dll
|_ Path: C:\Windows\System32\btosif_notes.dll
|_ MD5: 0BC3E8453EAFD66EA69D73CA709C66AD
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTStackServer.exe (4496)
[?] btosif.dll
|_ Path: C:\Windows\System32\btosif.dll
|_ MD5: C7BBD9C1CDC5C7963CDE61F8B003946F
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ BTStackServer.exe (4496)
[?] hp.activesupportlibrary.dll
|_ Path: C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
|_ MD5: 8AD53763BB3A4091D7731DE368BCB575
|_ Manufacturer: Hewlett-Packard
|_ Processes
|_ HPHC_Service.exe (4516)
[?] nprpbrowserrecordplugin.dll
|_ Path: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
|_ MD5: 5F34DAE61C4204DCD1BD0C5F26975C89
|_ Manufacturer: RealPlayer
|_ Processes
|_ firefox.exe (484)
[?] softokn3.dll
|_ Path: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 55BE34EAFF39D13A208E1A568AC6EB91
|_ Manufacturer: Mozilla Foundation
|_ Processes
|_ firefox.exe (484)
[?] freebl3.dll
|_ Path: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 9462B45B574C6B09D7E6375D358E8411
|_ Manufacturer: Mozilla Foundation
|_ Processes
|_ firefox.exe (484)
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ] - Not Registered =(



