Please check my HJT log

Post by miruska27 » 12 Apr 2010 08:16

Good morning. Please check my log. I was away for 3 days and, after switching the PC on, the startup screen loads normally, but nothing can be clicked, and neither the startup manager nor restarting or shutting down the PC works. The only way is to hold down the power button. The MBAM scan is clean... Can anyone spot anything??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:39, on 12.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tn.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8174778140
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8770 bytes

Post by jaro3 » 12 Apr 2010 12:18

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Turn off the resident protection in NOD32.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by miruska27 » 12 Apr 2010 12:47

Thanks A LOOOT, Jaro... The first two parts are done, the CF log is from safe mode...

ComboFix 10-04-11.03 - Mirek 12.04.2010 12:36:40.4.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1677 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-12 do 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-11 22:14 . 2010-04-11 22:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 22:13 . 2010-04-11 22:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 08:00 . 2010-04-08 08:01 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 21:19 . 2010-04-07 21:19 -------- d-----w- c:\program files\Glary Utilities
2010-04-07 15:33 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-07 15:33 . 2010-04-07 15:33 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-07 15:32 . 2009-12-30 09:25 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-04-07 15:32 . 2009-12-30 09:25 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-04-07 15:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-04-07 15:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-04-07 15:32 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-04-07 15:32 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-07 15:32 . 2009-12-30 09:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-07 15:32 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-04-04 16:48 . 2010-04-04 16:48 -------- d-----w- c:\windows\PixArt
2010-04-04 16:47 . 2007-06-14 13:29 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-04-04 16:47 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst.dll
2010-04-04 06:32 . 2010-04-04 06:34 -------- d-----w- c:\program files\Google
2010-04-02 18:56 . 2010-04-02 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 18:55 . 2010-04-02 18:55 -------- d-----w- c:\program files\Java
2010-03-24 19:53 . 2010-03-24 19:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-24 19:51 . 2010-03-24 19:53 -------- d-----w- c:\program files\DivX
2010-03-21 17:58 . 2010-04-11 20:18 -------- d-----w- c:\documents and settings\Mirek\.dvdcss
2010-03-21 17:42 . 2010-03-21 17:42 -------- d-----w- c:\program files\DVD Audio Extractor
2010-03-18 21:31 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-18 21:31 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-18 21:31 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-18 21:31 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-03-18 21:31 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-03-18 21:31 . 2010-03-10 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-18 21:31 . 2010-03-18 21:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-14 15:13 . 2010-03-14 15:13 -------- d-----w- c:\program files\IObit
2010-03-14 15:03 . 2010-03-14 15:03 -------- d-----w- c:\program files\CleanMyPC
2010-03-14 11:02 . 2010-03-14 11:02 -------- d-----r- c:\program files\Skype
2010-03-14 07:15 . 2010-04-04 07:20 -------- d-----w- c:\program files\Common Files\Scanner
2010-03-14 07:15 . 2002-02-21 17:56 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-14 07:15 . 2010-04-04 07:20 -------- d-----w- c:\program files\Yahoo!
2010-03-14 07:04 . 2010-03-14 15:28 -------- d-----w- c:\program files\Common Files\LogiShared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 20:45 . 2001-10-25 14:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 20:45 . 2001-10-25 14:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-04-11 20:39 . 2010-01-14 19:04 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-11 20:39 . 2010-01-12 08:32 -------- d-----w- c:\program files\Nokia
2010-04-04 16:47 . 2010-01-12 08:07 -------- d-----w- c:\program files\Logitech
2010-04-04 16:47 . 2010-01-11 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 18:55 . 2010-01-11 21:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 19:25 . 2010-02-07 23:41 -------- d-----w- c:\program files\ICQ7.0
2010-03-29 22:01 . 2010-01-12 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 20:42 . 2010-01-11 22:39 -------- d-----w- c:\program files\CCleaner
2010-03-29 13:24 . 2010-01-12 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24 . 2010-01-12 21:36 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 22:28 . 2010-01-12 00:41 -------- d-----w- c:\program files\DVDFab 6
2010-03-14 06:58 . 2010-01-12 08:07 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-10 07:08 . 2010-03-10 07:08 -------- d-----w- c:\program files\Auslogics
2010-03-06 06:22 . 2010-03-06 06:22 48836 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-27 16:03 . 2010-02-27 15:03 -------- d-----w- c:\program files\TomTom International B.V
2010-02-25 06:18 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-21 19:29 . 2010-01-11 21:08 -------- d-----w- c:\program files\ESET
2010-02-18 04:28 . 2010-02-11 12:19 -------- d-----w- c:\program files\CDex_170b2
2010-02-17 08:49 . 2010-02-17 08:49 -------- d-----w- c:\program files\WIDCOMM
2010-02-14 18:37 . 2010-02-14 18:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 11:05 . 2010-02-12 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-12 10:03 . 2010-03-06 05:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 06:57 . 2010-02-12 06:57 -------- d-----w- c:\program files\Trend Micro
2010-02-11 22:43 . 2010-02-11 22:43 -------- d-----w- c:\program files\CDex
2010-02-10 17:13 . 2010-02-09 10:34 165376 ----a-w- c:\windows\system32\unrar.dll
2010-01-22 13:09 . 2010-01-22 13:09 230432 ----a-w- C:\PA7302.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-12 26624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Google Update"="c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-03 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-11 16342528]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mirek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]
SecureDoc.lnk - c:\program files\MSI\SecureDoc\Logon.exe [2010-1-12 82944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 35168]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 14:25 472280]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2010 8:32 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.1.2010 23:36 303952]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.1.2010 23:36 20824]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7.4.2010 17:32 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [7.4.2010 17:32 8320]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-07 11:03]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 06:32]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 06:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 12:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-04-12 12:40:16
ComboFix-quarantined-files.txt 2010-04-12 10:40

Před spuštěním: Volných bajtů: 65 833 922 560
Po spuštění: Volných bajtů: 65 804 705 792

- - End Of File - - B3626DC1BB90C40E68497A0C9B155C93

Post by jaro3 » 12 Apr 2010 18:32

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.
////////////////////////////////////////////////////////////////
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

File::
c:\windows\system32\mlfcache.dat
c:\windows\system32\ezsidmv.dat
c:\windows\Tasks\GlaryInitialize.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
KillAll::
   

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
//////////////////////////////////////////////////////////////////////
Download SREng -- System Repair Engineer

- extract it to the desktop and run it
- choose "Smart Scan", leave the settings as they are
- choose "Verify the digital signature of process modules"
- click "Scan"
- click Save Reports, save the log to the desktop and copy the entire contents of the log here
- extract it to the desktop and run it
+
- Run it and choose the System Repair option
- On the first tab, File Associations, if any checkbox in the list is ticked/selected, click the Repair button at the bottom

Post by miruska27 » 12 Apr 2010 21:56

I'm attaching all the logs, and thanks......

21:34:44:859 0196 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:34:44:859 0196 ================================================================================
21:34:44:859 0196 SystemInfo:

21:34:44:859 0196 OS Version: 5.1.2600 ServicePack: 3.0
21:34:44:859 0196 Product type: Workstation
21:34:44:859 0196 ComputerName: ELIŠKA
21:34:44:859 0196 UserName: Mirek
21:34:44:859 0196 Windows directory: C:\WINDOWS
21:34:44:859 0196 Processor architecture: Intel x86
21:34:44:859 0196 Number of processors: 2
21:34:44:859 0196 Page size: 0x1000
21:34:44:859 0196 Boot type: Safe boot with network
21:34:44:859 0196 ================================================================================
21:34:44:859 0196 UnloadDriverW: NtUnloadDriver error 2
21:34:44:859 0196 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:34:44:875 0196 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:34:44:875 0196 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:34:44:875 0196 wfopen_ex: Trying to KLMD file open
21:34:44:875 0196 wfopen_ex: File opened ok (Flags 2)
21:34:44:875 0196 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:34:44:875 0196 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:34:44:875 0196 wfopen_ex: Trying to KLMD file open
21:34:44:875 0196 wfopen_ex: File opened ok (Flags 2)
21:34:44:875 0196 Initialize success
21:34:44:875 0196
21:34:44:890 0196 Scanning Services ...
21:34:45:359 0196 Raw services enum returned 363 services
21:34:45:375 0196
21:34:45:375 0196 Scanning Kernel memory ...
21:34:45:375 0196 Devices to scan: 20
21:34:45:375 0196
21:34:45:375 0196 Driver Name: Disk
21:34:45:375 0196 IRP_MJ_CREATE : F763DBB0
21:34:45:375 0196 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
21:34:45:375 0196 IRP_MJ_CLOSE : F763DBB0
21:34:45:375 0196 IRP_MJ_READ : F7637D1F
21:34:45:375 0196 IRP_MJ_WRITE : F7637D1F
21:34:45:375 0196 IRP_MJ_QUERY_INFORMATION : 804F9759
21:34:45:375 0196 IRP_MJ_SET_INFORMATION : 804F9759
21:34:45:375 0196 IRP_MJ_QUERY_EA : 804F9759
21:34:45:375 0196 IRP_MJ_SET_EA : 804F9759
21:34:45:375 0196 IRP_MJ_FLUSH_BUFFERS : F76382E2
21:34:45:375 0196 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
21:34:45:375 0196 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
21:34:45:375 0196 IRP_MJ_DIRECTORY_CONTROL : 804F9759
21:34:45:375 0196 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
21:34:45:375 0196 IRP_MJ_DEVICE_CONTROL : F76383BB
21:34:45:375 0196 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
21:34:45:375 0196 IRP_MJ_SHUTDOWN : F76382E2
21:34:45:375 0196 IRP_MJ_LOCK_CONTROL : 804F9759
21:34:45:375 0196 IRP_MJ_CLEANUP : 804F9759
21:34:45:375 0196 IRP_MJ_CREATE_MAILSLOT : 804F9759
21:34:45:375 0196 IRP_MJ_QUERY_SECURITY : 804F9759
21:34:45:375 0196 IRP_MJ_SET_SECURITY : 804F9759
21:34:45:375 0196 IRP_MJ_POWER : F7639C82
21:34:45:375 0196 IRP_MJ_SYSTEM_CONTROL : F763E99E
21:34:45:375 0196 IRP_MJ_DEVICE_CHANGE : 804F9759
21:34:45:375 0196 IRP_MJ_QUERY_QUOTA : 804F9759
21:34:45:375 0196 IRP_MJ_SET_QUOTA : 804F9759
21:34:45:390 0196 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:34:45:390 0196
21:34:45:390 0196 Driver Name: Disk
21:34:45:390 0196 IRP_MJ_CREATE : F763DBB0
21:34:45:390 0196 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
21:34:45:390 0196 IRP_MJ_CLOSE : F763DBB0
21:34:45:390 0196 IRP_MJ_READ : F7637D1F
21:34:45:390 0196 IRP_MJ_WRITE : F7637D1F
21:34:45:390 0196 IRP_MJ_QUERY_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_SET_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_EA : 804F9759
21:34:45:390 0196 IRP_MJ_SET_EA : 804F9759
21:34:45:390 0196 IRP_MJ_FLUSH_BUFFERS : F76382E2
21:34:45:390 0196 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_DIRECTORY_CONTROL : 804F9759
21:34:45:390 0196 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
21:34:45:390 0196 IRP_MJ_DEVICE_CONTROL : F76383BB
21:34:45:390 0196 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
21:34:45:390 0196 IRP_MJ_SHUTDOWN : F76382E2
21:34:45:390 0196 IRP_MJ_LOCK_CONTROL : 804F9759
21:34:45:390 0196 IRP_MJ_CLEANUP : 804F9759
21:34:45:390 0196 IRP_MJ_CREATE_MAILSLOT : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_SECURITY : 804F9759
21:34:45:390 0196 IRP_MJ_SET_SECURITY : 804F9759
21:34:45:390 0196 IRP_MJ_POWER : F7639C82
21:34:45:390 0196 IRP_MJ_SYSTEM_CONTROL : F763E99E
21:34:45:390 0196 IRP_MJ_DEVICE_CHANGE : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_QUOTA : 804F9759
21:34:45:390 0196 IRP_MJ_SET_QUOTA : 804F9759
21:34:45:390 0196 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:34:45:390 0196
21:34:45:390 0196 Driver Name: usbstor
21:34:45:390 0196 IRP_MJ_CREATE : F77AC218
21:34:45:390 0196 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
21:34:45:390 0196 IRP_MJ_CLOSE : F77AC218
21:34:45:390 0196 IRP_MJ_READ : F77AC23C
21:34:45:390 0196 IRP_MJ_WRITE : F77AC23C
21:34:45:390 0196 IRP_MJ_QUERY_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_SET_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_EA : 804F9759
21:34:45:390 0196 IRP_MJ_SET_EA : 804F9759
21:34:45:390 0196 IRP_MJ_FLUSH_BUFFERS : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
21:34:45:390 0196 IRP_MJ_DIRECTORY_CONTROL : 804F9759
21:34:45:390 0196 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
21:34:45:390 0196 IRP_MJ_DEVICE_CONTROL : F77AC180
21:34:45:390 0196 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77A79E6
21:34:45:390 0196 IRP_MJ_SHUTDOWN : 804F9759
21:34:45:390 0196 IRP_MJ_LOCK_CONTROL : 804F9759
21:34:45:390 0196 IRP_MJ_CLEANUP : 804F9759
21:34:45:390 0196 IRP_MJ_CREATE_MAILSLOT : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_SECURITY : 804F9759
21:34:45:390 0196 IRP_MJ_SET_SECURITY : 804F9759
21:34:45:390 0196 IRP_MJ_POWER : F77AB5F0
21:34:45:390 0196 IRP_MJ_SYSTEM_CONTROL : F77A9A6E
21:34:45:390 0196 IRP_MJ_DEVICE_CHANGE : 804F9759
21:34:45:390 0196 IRP_MJ_QUERY_QUOTA : 804F9759
21:34:45:390 0196 IRP_MJ_SET_QUOTA : 804F9759
21:34:45:406 0196 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
21:34:45:421 0196
21:34:45:421 0196 Driver Name: atapi
21:34:45:421 0196 IRP_MJ_CREATE : F74A46F2
21:34:45:421 0196 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
21:34:45:421 0196 IRP_MJ_CLOSE : F74A46F2
21:34:45:421 0196 IRP_MJ_READ : 804F9759
21:34:45:421 0196 IRP_MJ_WRITE : 804F9759
21:34:45:421 0196 IRP_MJ_QUERY_INFORMATION : 804F9759
21:34:45:421 0196 IRP_MJ_SET_INFORMATION : 804F9759
21:34:45:421 0196 IRP_MJ_QUERY_EA : 804F9759
21:34:45:421 0196 IRP_MJ_SET_EA : 804F9759
21:34:45:421 0196 IRP_MJ_FLUSH_BUFFERS : 804F9759
21:34:45:421 0196 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
21:34:45:421 0196 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
21:34:45:421 0196 IRP_MJ_DIRECTORY_CONTROL : 804F9759
21:34:45:421 0196 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
21:34:45:421 0196 IRP_MJ_DEVICE_CONTROL : F74A4712
21:34:45:421 0196 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852
21:34:45:421 0196 IRP_MJ_SHUTDOWN : 804F9759
21:34:45:421 0196 IRP_MJ_LOCK_CONTROL : 804F9759
21:34:45:421 0196 IRP_MJ_CLEANUP : 804F9759
21:34:45:421 0196 IRP_MJ_CREATE_MAILSLOT : 804F9759
21:34:45:421 0196 IRP_MJ_QUERY_SECURITY : 804F9759
21:34:45:421 0196 IRP_MJ_SET_SECURITY : 804F9759
21:34:45:421 0196 IRP_MJ_POWER : F74A473C
21:34:45:421 0196 IRP_MJ_SYSTEM_CONTROL : F74AB336
21:34:45:421 0196 IRP_MJ_DEVICE_CHANGE : 804F9759
21:34:45:421 0196 IRP_MJ_QUERY_QUOTA : 804F9759
21:34:45:421 0196 IRP_MJ_SET_QUOTA : 804F9759
21:34:45:437 0196 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:34:45:437 0196
21:34:45:437 0196 Completed
21:34:45:437 0196
21:34:45:437 0196 Results:
21:34:45:437 0196 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:34:45:437 0196 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:34:45:437 0196 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:34:45:437 0196
21:34:45:437 0196 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:34:45:437 0196 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:34:45:453 0196 KLMD(ARK) unloaded successfully

miruska27
Level 3.5
Posts: 735
Registered: January 09
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by miruska27 » 12 Apr 2010 21:59

The second one.......

ComboFix 10-04-11.03 - Mirek 12.04.2010 21:38:27.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1762 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\mlfcache.dat"
"c:\windows\Tasks\GlaryInitialize.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ezsidmv.dat
c:\windows\system32\mlfcache.dat
c:\windows\Tasks\GlaryInitialize.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-12 do 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-11 22:14 . 2010-04-11 22:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 22:13 . 2010-04-11 22:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 08:00 . 2010-04-08 08:01 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 21:19 . 2010-04-07 21:19 -------- d-----w- c:\program files\Glary Utilities
2010-04-07 15:33 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-07 15:33 . 2010-04-07 15:33 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-07 15:32 . 2009-12-30 09:25 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-04-07 15:32 . 2009-12-30 09:25 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-04-07 15:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-04-07 15:32 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-04-07 15:32 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-04-07 15:32 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-07 15:32 . 2009-12-30 09:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-07 15:32 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-04-04 16:48 . 2010-04-04 16:48 -------- d-----w- c:\windows\PixArt
2010-04-04 16:47 . 2007-06-14 13:29 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-04-04 16:47 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst.dll
2010-04-04 06:32 . 2010-04-04 06:34 -------- d-----w- c:\program files\Google
2010-04-02 18:56 . 2010-04-02 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 18:55 . 2010-04-02 18:55 -------- d-----w- c:\program files\Java
2010-03-24 19:53 . 2010-03-24 19:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-24 19:51 . 2010-03-24 19:53 -------- d-----w- c:\program files\DivX
2010-03-21 17:58 . 2010-04-11 20:18 -------- d-----w- c:\documents and settings\Mirek\.dvdcss
2010-03-21 17:42 . 2010-03-21 17:42 -------- d-----w- c:\program files\DVD Audio Extractor
2010-03-18 21:31 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-18 21:31 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-18 21:31 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-18 21:31 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-03-18 21:31 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-03-18 21:31 . 2010-03-10 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-18 21:31 . 2010-03-18 21:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-14 15:13 . 2010-03-14 15:13 -------- d-----w- c:\program files\IObit
2010-03-14 15:03 . 2010-03-14 15:03 -------- d-----w- c:\program files\CleanMyPC
2010-03-14 11:02 . 2010-03-14 11:02 -------- d-----r- c:\program files\Skype
2010-03-14 07:15 . 2010-04-04 07:20 -------- d-----w- c:\program files\Common Files\Scanner
2010-03-14 07:15 . 2002-02-21 17:56 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-14 07:15 . 2010-04-04 07:20 -------- d-----w- c:\program files\Yahoo!
2010-03-14 07:04 . 2010-03-14 15:28 -------- d-----w- c:\program files\Common Files\LogiShared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 20:45 . 2001-10-25 14:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 20:45 . 2001-10-25 14:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-04-11 20:39 . 2010-01-14 19:04 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-11 20:39 . 2010-01-12 08:32 -------- d-----w- c:\program files\Nokia
2010-04-04 16:47 . 2010-01-12 08:07 -------- d-----w- c:\program files\Logitech
2010-04-04 16:47 . 2010-01-11 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 18:55 . 2010-01-11 21:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 19:25 . 2010-02-07 23:41 -------- d-----w- c:\program files\ICQ7.0
2010-03-29 22:01 . 2010-01-12 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 20:42 . 2010-01-11 22:39 -------- d-----w- c:\program files\CCleaner
2010-03-29 13:24 . 2010-01-12 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24 . 2010-01-12 21:36 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 22:28 . 2010-01-12 00:41 -------- d-----w- c:\program files\DVDFab 6
2010-03-14 06:58 . 2010-01-12 08:07 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-10 07:08 . 2010-03-10 07:08 -------- d-----w- c:\program files\Auslogics
2010-02-27 16:03 . 2010-02-27 15:03 -------- d-----w- c:\program files\TomTom International B.V
2010-02-25 06:18 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2010-02-21 19:29 . 2010-01-11 21:08 -------- d-----w- c:\program files\ESET
2010-02-18 04:28 . 2010-02-11 12:19 -------- d-----w- c:\program files\CDex_170b2
2010-02-17 08:49 . 2010-02-17 08:49 -------- d-----w- c:\program files\WIDCOMM
2010-02-12 11:05 . 2010-02-12 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-12 10:03 . 2010-03-06 05:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 06:57 . 2010-02-12 06:57 -------- d-----w- c:\program files\Trend Micro
2010-02-11 22:43 . 2010-02-11 22:43 -------- d-----w- c:\program files\CDex
2010-02-10 17:13 . 2010-02-09 10:34 165376 ----a-w- c:\windows\system32\unrar.dll
2010-01-22 13:09 . 2010-01-22 13:09 230432 ----a-w- C:\PA7302.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-04-12_10.39.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-12 19:43 . 2010-04-12 19:43 16384 c:\windows\temp\Perflib_Perfdata_658.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-12 26624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Google Update"="c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-03 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-11 16342528]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mirek\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]
SecureDoc.lnk - c:\program files\MSI\SecureDoc\Logon.exe [2010-1-12 82944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 35168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 14:25 472280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.1.2010 23:36 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.1.2010 23:36 20824]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2010 8:32 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7.4.2010 17:32 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [7.4.2010 17:32 8320]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 21:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2496)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-12 21:47:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-12 19:47
ComboFix2.txt 2010-04-12 10:40

Před spuštěním: Volných bajtů: 65 809 903 616
Po spuštění: Volných bajtů: 63 574 896 640

- - End Of File - - 494BE06AD829C478B28354B6EB88AAF4


Re: Please check my HJT log

Post by miruska27 » 12 Apr 2010 22:00

And the last one...


2010-04-12,21:50:55

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    Windows Security Update Check
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <OEXPRESS><C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE>  []
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [(Verified)Nero AG]
    <Google Update><"C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c>  [(Verified)Google Inc]
    <SUPERAntiSpyware><C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe>  [(Verified)SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PAC7302_Monitor><C:\WINDOWS\PixArt\PAC7302\Monitor.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <egui><"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)ESET, spol. s r.o.]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <DivXUpdate><"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW>  [(Verified)DivX, Inc.]
    <Malwarebytes' Anti-Malware><"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray>  [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%Systemroot%\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <SysTray><%systemroot%\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    <WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Aktualizace verze aplikace Internet Explorer><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{BBC016FF-30FB-40B7-8209-6B7967B9A8F7}]
    <Úpravy nastavení prohlížeče><RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Adresář 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Aktualizace plochy systému Windows><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PC Suite Tray><; "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]

==================================
Startup Folders
[Bluetooth]
  <C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk --> C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Broadcom Corporation.]><N>
[SecureDoc]
  <C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\SecureDoc.lnk --> C:\PROGRA~1\MSI\SECURE~1\Logon.exe [msi]><N>
[Secunia PSI]
  <C:\Documents and Settings\Mirek\Nabídka Start\Programy\Po spuštění\Secunia PSI.lnk --> C:\PROGRA~1\Secunia\PSI\psi.exe [Secunia]><N>

==================================
Services
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Služba Google Update (gupdate) / gupdate][Stopped/Auto Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[MBAMService / MBAMService][Running/Auto Start]
  <"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"><Malwarebytes Corporation>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Running/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PLFlash DeviceIoControl Service / PLFlash DeviceIoControl Service][Running/Auto Start]
  <C:\WINDOWS\system32\IoctlSvc.exe><Prolific Technology Inc.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia>

==================================
Drivers
[Ovladač procesoru HwPState AMD / AmdPPM][Running/System Start]
  <system32\DRIVERS\AmdPPM.sys><Advanced Micro Devices>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><N/A>
[Bluetooth SCO Audio Service / BlueletSCOAudio][Stopped/Manual Start]
  <system32\DRIVERS\BlueletSCOAudio.sys><N/A>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><N/A>
[Bluetooth Audio Device / btaudio][Running/Manual Start]
  <system32\drivers\btaudio.sys><Broadcom Corporation.>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><N/A>
[Bluetooth Virtual Communications Driver / BTDriver][Running/Manual Start]
  <system32\DRIVERS\btport.sys><Broadcom Corporation.>
[Bluetooth HID Enumerator / BTHidEnum][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><N/A>
[Bluetooth Bus Enumerator / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.>
[Bluetooth LAN Access Server / BTWDNDIS][Running/Manual Start]
  <system32\DRIVERS\btwdndis.sys><Broadcom Corporation.>
[btwhid / btwhid][Running/Manual Start]
  <system32\DRIVERS\btwhid.sys><Broadcom Corporation.>
[Bluetooth Modem / btwmodem][Stopped/Manual Start]
  <system32\DRIVERS\btwmodem.sys><Broadcom Corporation.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys><Broadcom Corporation.>
[catchme / catchme][Running/Manual Start]
  <\??\C:\ComboFix\catchme.sys><N/A>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Running/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[Ovladač Microsoft UAA pro sběrnici High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Logitech SetPoint KMDF HID Filter Driver / LHidFilt][Stopped/Manual Start]
  <system32\DRIVERS\LHidFilt.Sys><Logitech, Inc.>
[Logitech SetPoint KMDF Mouse Filter Driver / LMouFilt][Stopped/Manual Start]
  <system32\DRIVERS\LMouFilt.Sys><Logitech, Inc.>
[MBAMProtector / MBAMProtector][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\mbam.sys><Malwarebytes Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[Nokia USB Flashing Phone Parent / nmwcdnsu][Stopped/Manual Start]
  <system32\drivers\nmwcdnsu.sys><Nokia>
[Nokia USB Flashing Generic / nmwcdnsuc][Stopped/Manual Start]
  <system32\drivers\nmwcdnsuc.sys><Nokia>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PAC7302 VGA USB Camera / PAC7302][Running/Manual Start]
  <system32\DRIVERS\PAC7302.SYS><PixArt Imaging Inc.>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[VSO Software pcouffin / pcouffin][Running/Manual Start]
  <System32\Drivers\pcouffin.sys><VSO Software>
[PSI / PSI][Running/Manual Start]
  <system32\DRIVERS\psi_mf.sys><Secunia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Running/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><N/A>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><N/A>

==================================
Browser Add-ons
[WebTransBHO Class]
  {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[Easy Photo Print]
  {9421DD08-935F-4701-A9CA-22DF90AC4EA6} <C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll, SEIKO EPSON CORPORATION / CyCom Technology Corp.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, (Signed) Sun Microsystems, Inc.>
[EpsonToolBandKicker Class]
  {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[ToolBarButton Class]
  {7E6A20FB-153F-402c-A84B-1A64E1955D3D} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[ICQ7]
  {88EB38EF-4D2C-436D-ABD3-56B232674062} <C:\Program Files\ICQ7.0\ICQ.exe, (Signed) ICQ, LLC.>
[&Zdroje informací]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[MenuItem3 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748449} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[MenuItem4 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748450} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[MenuItem2 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748451} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[MenuItem1 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748452} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[@btrez.dll,-4015]
  {CCA281CA-C863-46ef-9331-5C8D4460577F} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[WebTranslator]
  {BFC32E1D-EE75-4A48-BC60-104E11EE2431} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[EPSON Web-To-Page]
  {EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Easy Photo Print]
  {9421DD08-935F-4701-A9CA-22DF90AC4EA6} <C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll, SEIKO EPSON CORPORATION / CyCom Technology Corp.>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_19]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_19]
  {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_19]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_19.dll, (Signed) Sun Microsystems, Inc.>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[]
  {000123B4-9B42-4900-B3F7-F4B073EFC214} <, >
[]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, >
[]
  {22BF413B-C6D2-4D91-82A9-A0F997BA588C} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[WebTransBHO Class]
  {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {5067A26B-1337-4436-8AFE-EE169C2DA79F} <, >
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, (Signed) Sun Microsystems, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {7530BFB8-7293-4D34-9923-61A11451AFC5} <, >
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <, >
[]
  {7854F00C-DC77-477E-A10E-603F48442D3B} <, >
[ToolBarButton Class]
  {7E6A20FB-153F-402C-A84B-1A64E1955D3D} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[]
  {855F3B16-6D32-4FE6-8A56-BBB695989046} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[]
  {88EB38EF-4D2C-436D-ABD3-56B232674062} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Easy Photo Print]
  {9421DD08-935F-4701-A9CA-22DF90AC4EA6} <C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll, SEIKO EPSON CORPORATION / CyCom Technology Corp.>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[&Diskuse]
  {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} <shdocvw.dll, Microsoft Corporation>
[WebTranslator]
  {BFC32E1D-EE75-4A48-BC60-104E11EE2431} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[]
  {C55BBCD6-41AD-48AD-9953-3609C48EACC7} <, >
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[Java Plug-in 1.6.0_17]
  {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Deployment Toolkit]
  {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} <C:\WINDOWS\system32\deploytk.dll, (Signed) Sun Microsystems, Inc.>
[MenuItem3 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748449} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[MenuItem4 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748450} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[MenuItem2 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748451} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[MenuItem1 Class]
  {CC963627-B1DC-40E0-B52A-CF21EE748452} <C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll, >
[]
  {CCA281CA-C863-46EF-9331-5C8D4460577F} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {E59EB121-F339-4851-A3BA-FE49C35617C2} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, (Signed) Sun Microsystems, Inc.>
[EpsonToolBandKicker Class]
  {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[EPSON Web-To-Page]
  {EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Zdroje informací]
  {FF059E31-CC5A-4E2E-BF3B-96E929D65503} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Google Update Plugin]
  {FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} <C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\1.2.183.23\npGoogleOneClick8.dll, (Signed) Google Inc.>
[E&xportovat do aplikace Microsoft Office Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Send to &Bluetooth Device...]
  <C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm, N/A>
[WikiKomentáře Google...]
  <res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html, N/A>

==================================
Running Processes
[PID: 548 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 656 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\SUPERAntiSpyware\SASWINLO.dll]  [SUPERAntiSpyware.com, 1, 0, 0, 1054]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 904 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 4.00.1381.9621]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.9621]
[PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 980 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1096 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1132 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1352 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\E_FLBEDE.DLL]  [SEIKO EPSON CORPORATION, 2, 8, 0, 0]
[PID: 284 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 612 / SYSTEM][C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 632 / SYSTEM][C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe]  [ESET, 3.0.695 ]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll]  [ESET, 3.0.695 ]
[PID: 1616 / SYSTEM][C:\Program Files\Google\Update\GoogleUpdate.exe]  [Google Inc., 1.2.183.21]
    [C:\Program Files\Google\Update\1.2.183.23\goopdate.dll]  [Google Inc., 1.2.183.23]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1624 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.190.4]
    [C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\WINDOWS\system32\netfxperf.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2443]
[PID: 432 / SYSTEM][C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe]  [Malwarebytes Corporation, 1.45]
    [C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll]  [Malwarebytes Corporation, 1.45]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1088 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 2044 / SYSTEM][C:\WINDOWS\system32\IoctlSvc.exe]  [Prolific Technology Inc., 1, 6, 0, 0]
[PID: 248 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1032 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 1912 / Mirek][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.3.6]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 1992 / Mirek][C:\WINDOWS\PixArt\PAC7302\Monitor.exe]  [PixArt Imaging Incorporation, 0001.0004.2006.1103]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 2020 / Mirek][C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe]  [ESET, 3.0.695 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll]  [ESET, 3.0.695 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll]  [ESET, 3.0.695 ]
[PID: 2060 / Mirek][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.11.9621]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.9621]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVRSCS.DLL]  [NVIDIA Corporation, 6.14.11.9062]
[PID: 2084 / Mirek][C:\Program Files\DivX\DivX Update\DivXUpdate.exe]  [, 1.0.0.455]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll]  [, 1.0.0.455]
[PID: 2108 / Mirek][C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe]  [Malwarebytes Corporation, 1.45]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 2656 / Mirek][C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE]  [, 1.0.0]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOET.dll]  [N/A, ]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 2952 / Mirek][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe]  [Nero AG, 2,0,17,0]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll]  [Nero AG, 10,1,7, 10900]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 2,0,17,0]
[PID: 3736 / Mirek][C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe]  [Google Inc., 1.2.183.9]
    [C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\1.2.183.23\goopdate.dll]  [Google Inc., 1.2.183.23]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 3760 / Mirek][C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]  [SUPERAntiSpyware.com, 4, 34, 0, 1000]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Program Files\SUPERAntiSpyware\deupx.dll]  [SuperAntiSpyware.com, 1, 0, 0, 2]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Documents and Settings\Mirek\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL]  [N/A, ]
    [C:\Documents and Settings\Mirek\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll]  [N/A, ]
    [C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]
[PID: 3864 / Mirek][C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btwhidcs.DLL]  [Broadcom Corporation., 5.1.0.1700]
    [C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
[PID: 3880 / Mirek][C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe]  [Google Inc., 1.2.183.23]
    [C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\1.2.183.23\goopdate.dll]  [Google Inc., 1.2.183.23]
[PID: 3940 / Mirek][C:\Program Files\MSI\SecureDoc\Logon.exe]  [msi, 1, 1, 3E, 2]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 4004 / Mirek][C:\Program Files\Secunia\PSI\psi.exe]  [Secunia, 1.5.0.1]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx]  [Adobe Systems, Inc., 10,0,45,2]
    [C:\Program Files\Secunia\PSI\psires.dll]  [N/A, ]
[PID: 2192 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
[PID: 3092 / Mirek][C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btins.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\WINDOWS\system32\BtAudioHelper.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
    [C:\WINDOWS\system32\btosif_ol.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btosif_olx.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\WINDOWS\system32\btosif_notes.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 3008 / SYSTEM][C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe]  [Nero AG, 2,0,17,0]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 2,0,17,0]
[PID: 1844 / Mirek][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe]  [Nero AG, 2,0,17,0]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 2,0,17,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 2,0,17,0]
[PID: 2496 / Mirek][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\BROWSEUI.dll]  [Společnost Microsoft, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\WINDOWS\system32\btncopy.dll]  [Broadcom Corporation., 5.1.0.1700]
    [C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll]  [Nokia, 7, 1, 108, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL]  [Nokia, 7, 1, 156, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr]  [Nokia, 7, 1, 69, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 7, 1, 21, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 3, 0, 0, 6]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.3.0.148]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.9621]
    [C:\WINDOWS\system32\NVRSCS.DLL]  [NVIDIA Corporation, 6.14.11.9062]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.9621]
    [C:\Program Files\NVIDIA Corporation\nView\nvshell.dll]  [, ]
    [C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
    [C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]
[PID: 3556 / Mirek][C:\WINDOWS\system32\notepad.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 3148 / Mirek][C:\PROGRA~1\WINZIP\winzip32.exe]  [WinZip Computing, S.L., 24.0 (32-bit)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\PROGRA~1\WINZIP\WZEAY32.DLL]  [WinZip Computing, S.L., 0.9.7j (32-bit)]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
    [C:\PROGRA~1\WINZIP\WZCKTREE.DLL]  [WinZip Computing, S.L., 1.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZSMTP.DLL]  [WinZip Computing, S.L., 1, 0, 8246, 0]
    [C:\PROGRA~1\WINZIP\WZVINFO.DLL]  [WinZip Computing, S.L., 1.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZGDIP32.DLL]  [WinZip Computing, S.L., 1.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZCAB3.DLL]  [WinZip Computing, S.L., 3.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\wz32.dll]  [WinZip Computing, S.L., 24.0 (32-bit)]
    [C:\PROGRA~1\WINZIP\UNRAR.DLL]  [N/A, ]
    [C:\PROGRA~1\WINZIP\lha.dll]  [N/A, ]
    [C:\PROGRA~1\WINZIP\7zxa.dll]  [Igor Pavlov, 4.57]
    [C:\PROGRA~1\WINZIP\LDCdBldr.dll]  [Corel Inc., 1, 2, 7, 104]
    [C:\PROGRA~1\WINZIP\VirtCDRDrv.dll]  [Corel Inc., 2, 0, 4, 20]
    [C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]
[PID: 1864 / Mirek][C:\Documents and Settings\Mirek\Local Settings\temp\wz2b0a\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 3988 / Mirek][C:\Documents and Settings\Mirek\Local Settings\temp\wz2b0a\SREcc119a52.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]
[PID: 2792 / Mirek][C:\WINDOWS\system32\NOTEPAD.EXE]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3266]
    [C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["%SYSTEMROOT%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 612, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2656, C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\LANGSOFT\OETRN.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3864, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3940, C:\PROGRAM FILES\MSI\SECUREDOC\LOGON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3092, C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3148, C:\PROGRA~1\WINZIP\WINZIP32.EXE]

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
KB940157,  Služba Windows Search 4.0 pro systém Windows XP (KB940157)
KB928416,  Sada Microsoft .NET Framework 3.0: x86 Language Pack (KB928416)
KB909520,  Balíček Základní zprostředkovatel kryptografických služeb společnosti Microsoft pro čipové karty: x86 (KB909520)
KB909520,  Office Live Add-in 1.4
KB909520,  Windows Live Essentials
KB979202,  Microsoft Silverlight (KB979202)

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




Re: Please check my HJT log

Post by miruska27 » 13 Apr 2010 08:13

I'll also add the log from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:59, on 13.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8174778140
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8356 bytes

jaro3
Security team member

Re: Please check my HJT log

Post by jaro3 » 13 Apr 2010 11:43

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by ComboFix, MWAV, etc. Download it, then run it.

Check the HDD for errors and the RAM with Memtest; it looks more like a hardware fault.
SREng didn't show anything either.

You can also do a full replacement of the Windows files:

Download Dial-a-fix

Click the hammer icon (more options):

SFC scan - Runs the System File Checker tool (the Windows installation media may be needed).

Click the service and then GO.

It's all here..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus are covering for me.