Explorer.exe

[ROMIK]

Zdravím,mám takový dotaz průzkumník explorer.exe mi docela hodně ujídá RAM kolem 60MB.
Vytížení není problém.Na co bych se mněl zaměřit?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:47, on 16.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ibmpmsvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\crypserv.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Intel\WiFi\bin\WLKeeper.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
E:\Dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\uTorrent\utorrent.exe
D:\Program Files\Maxthon\Maxthon.exe
E:\Dokumenty\Pro system XP,98 atd!\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jccatch.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - D:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe D:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe D:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] D:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 D:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [SpeedswitchXP] E:\Dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout FlashGetem - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - D:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - D:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - D:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: organiser database (organiserservice) - Unknown owner - D:\PROGRA~1\VIVIDW~1\ORGANI~1.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\WLKeeper.exe

[motji]

Dobrý večer
Poprosím o log ze rsitu, viz můj podpis

[ROMIK]

Logfile of random's system information tool 1.06 (written by random/random)
Run by ROMAN at 2010-03-16 19:38:30
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 59 GB (75%) free of 79 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:39, on 16.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ibmpmsvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\crypserv.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Intel\WiFi\bin\WLKeeper.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
E:\Dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\uTorrent\utorrent.exe
D:\Program Files\Seznam\Postak\Postak.exe
D:\Program Files\Maxthon\Maxthon.exe
E:\Dokumenty\RSIT.exe
E:\Dokumenty\Pro system XP,98 atd!\HijackThis\ROMAN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jccatch.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - D:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe D:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe D:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] D:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 D:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [SpeedswitchXP] E:\Dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout FlashGetem - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - D:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - D:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - D:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: organiser database (organiserservice) - Unknown owner - D:\PROGRA~1\VIVIDW~1\ORGANI~1.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 10021 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\BMMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-06-28 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class - D:\PROGRA~1\EUROTR~1\e2003i.dll [2008-03-17 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-06-28 520192]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE [2007-02-06 344064]
"SoundMAXPnP"=D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-08-10 512000]
"BMMMONWND"=D:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"BLOG"=D:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TPHOTKEY"=D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"BMMLREF"=D:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"SynTPLpr"=D:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-08-10 110592]
"BMMGAG"=RunDll32 D:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"egui"=D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"IntelZeroConfig"=D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2008-10-16 1368064]
"IntelWireless"=D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-10-16 1191936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"=E:\Dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe [2006-07-14 626688]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-10-24 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2007-02-06 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
D:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
D:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MaxRecentDocs"=6
"NoDriveAutoRun"=0
"NoDrives"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"D:\Program Files\uTorrent\utorrent.exe"="D:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\FlashGet.exe"="E:\Dokumenty\Na stahování\FlashGetPortable\App\FlashGet\FlashGet.exe:*:Enabled:FlashGet"
"D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe:*:Enabled:ESET NOD32 Antivirus"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba36d0a3-f43d-11dc-ba9d-00096b42b2fb}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-03-16 19:38:30 ----D---- D:\rsit
2010-03-15 19:44:57 ----D---- D:\Documents and Settings\ROMAN\Data aplikací\Intel
2010-03-15 19:44:32 ----D---- D:\Program Files\Common Files\Intel
2010-03-15 19:44:32 ----D---- D:\Documents and Settings\All Users\Data aplikací\Intel
2010-03-15 19:33:10 ----D---- D:\Program Files\Intel
2010-03-10 15:10:57 ----HDC---- D:\WINDOWS\$NtUninstallKB975561$
2010-03-07 18:38:42 ----AD---- D:\Program Files\Opera
2010-02-24 17:17:20 ----HDC---- D:\WINDOWS\$NtUninstallKB979306$
2010-02-17 18:07:30 ----A---- D:\WINDOWS\system32\softingedicdriver.ini
2010-02-17 18:07:30 ----A---- D:\WINDOWS\system32\conmansrv.exe
2010-02-17 18:07:00 ----A---- D:\WINDOWS\system32\conmansrv.ini

======List of files/folders modified in the last 1 months======

2010-03-16 19:38:35 ----D---- D:\WINDOWS\Prefetch
2010-03-16 19:38:19 ----D---- D:\Documents and Settings\ROMAN\Data aplikací\uTorrent
2010-03-16 19:37:32 ----D---- D:\WINDOWS\Temp
2010-03-16 18:17:28 ----D---- D:\WINDOWS\system32\CatRoot2
2010-03-16 15:18:55 ----AD---- D:\WINDOWS
2010-03-15 22:14:19 ----N---- D:\WINDOWS\SchedLgU.Txt
2010-03-15 22:04:26 ----A---- D:\WINDOWS\wincmd.ini
2010-03-15 22:03:55 ----A---- D:\WINDOWS\wcx_ftp.ini
2010-03-15 20:04:12 ----SHD---- D:\WINDOWS\Installer
2010-03-15 19:45:39 ----D---- D:\WINDOWS\system32\drivers
2010-03-15 19:45:37 ----HD---- D:\WINDOWS\inf
2010-03-15 19:45:21 ----D---- D:\WINDOWS\system32
2010-03-15 19:45:14 ----D---- D:\WINDOWS\system32\CatRoot
2010-03-15 19:44:32 ----D---- D:\Program Files\Common Files
2010-03-15 19:43:10 ----A---- D:\WINDOWS\system32\results.txt
2010-03-15 19:33:10 ----RD---- D:\Program Files
2010-03-15 17:47:26 ----D---- D:\WINDOWS\system32\ReinstallBackups
2010-03-15 16:52:03 ----D---- D:\WINDOWS\Debug
2010-03-15 16:19:39 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-03-14 17:50:40 ----A---- D:\WINDOWS\TRNCOM.INI
2010-03-11 21:26:55 ----A---- D:\WINDOWS\NeroDigital.ini
2010-03-10 16:14:50 ----A---- D:\WINDOWS\WTRAN32.INI
2010-03-10 15:11:06 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-03-10 15:11:03 ----D---- D:\Program Files\Movie Maker
2010-03-10 15:10:01 ----HD---- D:\WINDOWS\$hf_mig$
2010-03-08 15:26:36 ----A---- D:\WINDOWS\MAILTRAN.INI
2010-03-02 19:06:22 ----D---- D:\Documents and Settings\ROMAN\Data aplikací\MxBoost
2010-03-02 06:30:12 ----A---- D:\WINDOWS\system32\MRT.exe
2010-02-23 21:44:21 ----A---- D:\WINDOWS\netedic.ini
2010-02-23 21:44:21 ----A---- D:\WINDOWS\hwedic.ini
2010-02-17 18:34:11 ----RSD---- D:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; D:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 fwdrv;Firewall Driver; D:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 khips;Kerio HIPS Driver; D:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R1 NetworkX;NetworkX; D:\WINDOWS\system32\ckldrv.sys [2008-08-22 21638]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 TPHKDRV;TPHKDRV; D:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; D:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R2 eamon;EAMON; D:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 irda;Protokol IrDA; D:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 s24trans;WLAN Transport; D:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 aeaudio;aeaudio; D:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 AgereSoftModem;Agere Systems Soft Modem; D:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-06 1133568]
R3 CmBatt;Microsoft AC Adapter Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel(R) PRO Adapter Driver; D:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 esihdrv;esihdrv; \??\D:\DOCUME~1\ROMAN\LOCALS~1\Temp\esihdrv.sys []
R3 IBMPMDRV;IBMPMDRV; D:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000]
R3 NSCIRDA;NSC Infrared Device Driver; D:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; D:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-10 177664]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; D:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller; D:\WINDOWS\System32\Drivers\ousbehci.sys [2002-12-24 39040]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); D:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\D:\WINDOWS\system32\ASNDIS5.SYS []
S3 BthEnum;Ovladač pro Bluetooth Request Block; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; D:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft); D:\WINDOWS\system32\DRIVERS\bthprint.sys [2004-08-03 35456]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 FTD2XX;OPCOMUSB.SYS OP-COM USB device driver; D:\WINDOWS\System32\Drivers\OPCOMUSB.sys [2005-12-15 34639]
S3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 HidBth;Miniport Bluetooth HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LucentSoftModem;Lucent Technologies Soft Modem; D:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-17 802683]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; D:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; D:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-12-24 54016]
S3 PC2TVMirror;PC2TVMirror_Display_Driver; D:\WINDOWS\system32\DRIVERS\PC2TVMirror.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RT2500;AsusTek RT2500 Wireless Driver; D:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-07-29 211072]
S3 RT-USB;Ross-Tech USB driver; D:\WINDOWS\system32\drivers\RT-USB.sys [2009-05-21 58880]
S3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SmokXX;SmokXX.SYS FT8U2XX device driver; D:\WINDOWS\System32\Drivers\SmokXX.sys [2008-08-14 29292]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 TpUsb;TpUsb Driver (TpUsb.sys); D:\WINDOWS\System32\Drivers\TpUsb.sys [2003-07-24 77952]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2007-02-06 364544]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 Crypkey License;Crypkey License; D:\WINDOWS\system32\crypserv.exe [2008-05-08 122880]
R2 ekrn;Eset Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 EvtEng;Intel® PROSet/Wireless Event Log; D:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IBMPMSVC;ThinkPad PM Service; D:\WINDOWS\system32\ibmpmsvc.exe [2009-03-19 38176]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 KPF4;Kerio Personal Firewall 4; D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; D:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-10-16 905216]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; D:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2008-10-16 348160]
S2 organiserservice;organiser database; D:\PROGRA~1\VIVIDW~1\ORGANI~1.EXE -zglaxservice organiserservice []
S3 EhttpSrv;Eset HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 WiselinkPro;SAMSUNG WiselinkPro Service; D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-10-20 4708864]

-----------------EOF-----------------

[motji]

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[ROMIK]

ComboFix 10-03-16.01 - ROMAN 17.03.2010 12:28:22.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.631 [GMT 1:00]
Spuštěný z: d:\documents and settings\ROMAN\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\d.ini
d:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-16 18:38 . 2010-03-16 18:38 -------- d-----w- D:\rsit
2010-03-15 18:44 . 2010-03-15 18:44 -------- d-----w- d:\program files\Common Files\Intel
2010-03-15 18:33 . 2010-03-15 18:44 -------- d-----w- d:\program files\Intel
2010-03-07 17:38 . 2010-03-16 19:30 -------- d---a-w- d:\program files\Opera
2010-02-17 17:08 . 2003-07-24 15:43 77952 ----a-w- d:\windows\system32\drivers\TpUsb.sys
2010-02-17 17:07 . 2008-11-05 15:39 79112 ----a-w- d:\windows\system32\conmansrv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 18:03 . 2010-02-20 18:00 14985 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-02-11 14:19 . 2010-01-03 12:35 -------- d-----w- d:\program files\Vivid WorkshopData ATI
2010-02-08 15:03 . 2008-03-27 16:18 4 ----a-w- d:\windows\vx86036.dat
2010-01-31 13:06 . 2010-01-30 13:22 -------- d-----w- d:\program files\Canon
2010-01-31 10:38 . 2008-04-17 17:28 -------- d-----w- d:\program files\WinHex
2010-01-30 13:25 . 2010-01-30 13:25 -------- d--h--w- d:\program files\CanonBJ
2009-12-31 16:14 . 2004-08-03 22:14 352640 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-25 09:37 . 2001-10-25 12:00 46394 ----a-w- d:\windows\system32\perfc005.dat
2009-12-25 09:37 . 2001-10-25 12:00 310228 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 05:42 . 2004-08-17 14:49 663040 ----a-w- d:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 14:49 81920 ----a-w- d:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="e:\dokumenty\Pro system XP" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="d:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2007-02-06 344064]
"SoundMAXPnP"="d:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"BMMMONWND"="d:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="d:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"TPHOTKEY"="d:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"BMMLREF"="d:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"SynTPLpr"="d:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"BMMGAG"="d:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"IntelZeroConfig"="d:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-16 1368064]
"IntelWireless"="d:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-24 06:35 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- d:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- d:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=d:\windows\system32\NeroCheck.exe
"SoundMAX"="d:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"CanonMyPrinter"=d:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"IJNetworkScanUtility"=d:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"CanonSolutionMenu"=d:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Dokumenty\\Na stahování\\FlashGetPortable\\App\\FlashGet\\FlashGet.exe"=
"d:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [17.3.2008 17:43 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [17.3.2008 17:43 5248]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [24.10.2008 19:53 35168]
R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 74480]
R1 TPPWR;TPPWR;d:\windows\system32\drivers\TPPWR.SYS [17.3.2008 10:11 16384]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
S2 organiserservice;organiser database;d:\progra~1\VIVIDW~1\ORGANI~1.EXE -zglaxservice organiserservice --> d:\progra~1\VIVIDW~1\ORGANI~1.EXE -zglaxservice organiserservice [?]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;d:\windows\system32\drivers\ousbehci.sys [31.1.2002 23:39 39040]
S3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft);d:\windows\system32\drivers\BTHPRINT.SYS [23.1.2009 21:32 35456]
S3 esihdrv;esihdrv;\??\d:\docume~1\ROMAN\LOCALS~1\Temp\esihdrv.sys --> d:\docume~1\ROMAN\LOCALS~1\Temp\esihdrv.sys [?]
S3 FTD2XX;OPCOMUSB.SYS OP-COM USB device driver;d:\windows\system32\drivers\OPCOMUSB.sys [30.4.2009 14:56 34639]
S3 LucentSoftModem;Lucent Technologies Soft Modem;d:\windows\system32\drivers\LTSM.sys [17.3.2008 9:42 802683]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;d:\windows\system32\drivers\ousb2hub.sys [31.1.2002 23:39 54016]
S3 PC2TVMirror;PC2TVMirror_Display_Driver;d:\windows\system32\DRIVERS\PC2TVMirror.sys --> d:\windows\system32\DRIVERS\PC2TVMirror.sys [?]
S3 RT-USB;Ross-Tech USB driver;d:\windows\system32\drivers\RT-USB.SYS [15.4.2008 17:38 58880]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 SmokXX;SmokXX.SYS FT8U2XX device driver;d:\windows\system32\drivers\SmokXX.sys [7.9.2008 9:13 29292]
S3 TpUsb;TpUsb Driver (TpUsb.sys);d:\windows\system32\drivers\TpUsb.sys [17.2.2010 18:08 77952]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;d:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [20.10.2009 14:49 4708864]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-19 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]

2010-01-24 d:\windows\Tasks\BMMTask.job
- d:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-03-17 00:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/home/
IE: &Stáhnout FlashGetem - e:\dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - e:\dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - d:\progra~1\EUROTR~1\e2003i.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - e:\dokumenty\Pro system XP



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 12:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86393918]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78a5fc3
\Driver\ACPI -> ACPI.sys @ 0xf77f2cb8
\Driver\atapi -> 0x86393918
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1008)
d:\windows\system32\IWPDGINA.DLL
d:\program files\Intel\WiFi\bin\LangResources\CSY\SsoGnCSY.dll
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\tphklock.dll
d:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(4060)
d:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
d:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ibmpmsvc.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Intel\WiFi\bin\S24EvMon.exe
d:\windows\system32\crypserv.exe
d:\program files\Intel\WiFi\bin\EvtEng.exe
d:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
d:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
d:\program files\Analog Devices\SoundMAX\SMAgent.exe
d:\program files\Intel\WiFi\bin\WLKeeper.exe
d:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
d:\windows\system32\rundll32.exe
d:\windows\system32\RunDll32.exe
d:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
e:\dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe
d:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-03-17 12:45:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-17 11:45

Před spuštěním: Volných bajtů: 62 625 300 480
Po spuštění: Volných bajtů: 62 611 644 416

- - End Of File - - 3F40B95C1BCC4CB64EEC32D19BAC96B1

[motji]

používáte Daemon nebo alcohol?

Otestujte na www.virustotal.com

d:\windows\system32\drivers\OPCOMUSB.sys
d:\windows\system32\drivers\TpUsb.sys
d:\windows\system32\DRIVERS\PC2TVMirror.sys
d:\progra~1\VIVIDW~1\ORGANI~1.EXe
d:\windows\system32\drivers\TpUsb.sys
d:\windows\system32\conmansrv.exe



-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

[ROMIK]

Ano pužívám Daemon v3.47 ,kdysi jsem používal alcohol.
Jinak tohle "d:\windows\system32\DRIVERS\PC2TVMirror.sys" jsem nenašel
ale vím co to bylo kdy jsem to používal.Je to drivers pro WELL PTI-5020 PC2TV
bezdrátový přenos obrazu.
Jinak v tom vašém seznamu na otestování jsou dva stejné soubory "d:\windows\system32\drivers\TpUsb.sys"

http://www.virustotal.com/cs/analisis/a ... 1268831742
http://www.virustotal.com/cs/analisis/d ... 1268832071
-----Nenašel jsem----
http://www.virustotal.com/cs/analisis/3 ... 1268833299
http://www.virustotal.com/cs/analisis/d ... 1268833700
http://www.virustotal.com/cs/analisis/c ... 1268834101

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
d:\windows\system32\conmansrv.exe
d:\docume~1\ROMAN\LOCALS~1\Temp\esihdrv.sys

Driver::
esihdrv

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci



Ještě prosím otestujte na http://www.virustotal.com
d:\windows\system32\drivers\SmokXX.sys

[ROMIK]

Tu je sken d:\windows\system32\drivers\SmokXX.sys ale ten by mněl být ok

http://www.virustotal.com/cs/analisis/5 ... 1268839488

ComboFix 10-03-16.01 - ROMAN 17.03.2010 17:11:06.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.617 [GMT 1:00]
Spuštěný z: d:\documents and settings\ROMAN\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\ROMAN\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: d:\windows\system32\conmansrv.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\conmansrv.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-16 18:38 . 2010-03-16 18:38 -------- d-----w- D:\rsit
2010-03-15 18:44 . 2010-03-15 18:44 -------- d-----w- d:\program files\Common Files\Intel
2010-03-15 18:33 . 2010-03-15 18:44 -------- d-----w- d:\program files\Intel
2010-03-07 17:38 . 2010-03-16 19:30 -------- d---a-w- d:\program files\Opera
2010-02-17 17:08 . 2003-07-24 15:43 77952 ----a-w- d:\windows\system32\drivers\TpUsb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 14:43 . 2010-01-03 12:35 -------- d-----w- d:\program files\Vivid WorkshopData ATI
2010-02-20 18:03 . 2010-02-20 18:00 14985 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-02-08 15:03 . 2008-03-27 16:18 4 ----a-w- d:\windows\vx86036.dat
2010-01-31 13:06 . 2010-01-30 13:22 -------- d-----w- d:\program files\Canon
2010-01-31 10:38 . 2008-04-17 17:28 -------- d-----w- d:\program files\WinHex
2010-01-30 13:25 . 2010-01-30 13:25 -------- d--h--w- d:\program files\CanonBJ
2009-12-31 16:14 . 2004-08-03 22:14 352640 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-25 09:37 . 2001-10-25 12:00 46394 ----a-w- d:\windows\system32\perfc005.dat
2009-12-25 09:37 . 2001-10-25 12:00 310228 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 05:42 . 2004-08-17 14:49 663040 ------w- d:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 14:49 81920 ----a-w- d:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="e:\dokumenty\Pro system XP" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="d:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2007-02-06 344064]
"SoundMAXPnP"="d:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"BMMMONWND"="d:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="d:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"TPHOTKEY"="d:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"BMMLREF"="d:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"SynTPLpr"="d:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"BMMGAG"="d:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"IntelZeroConfig"="d:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-16 1368064]
"IntelWireless"="d:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-24 06:35 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- d:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- d:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=d:\windows\system32\NeroCheck.exe
"SoundMAX"="d:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"CanonMyPrinter"=d:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"IJNetworkScanUtility"=d:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"CanonSolutionMenu"=d:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Dokumenty\\Na stahování\\FlashGetPortable\\App\\FlashGet\\FlashGet.exe"=
"d:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [17.3.2008 17:43 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [17.3.2008 17:43 5248]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [24.10.2008 19:53 35168]
R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 74480]
R1 TPPWR;TPPWR;d:\windows\system32\drivers\TPPWR.SYS [17.3.2008 10:11 16384]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 organiserservice;organiser database;d:\progra~1\VIVIDW~1\ORGANI~1.EXE -zglaxservice organiserservice --> d:\progra~1\VIVIDW~1\ORGANI~1.EXE -zglaxservice organiserservice [?]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;d:\windows\system32\drivers\ousbehci.sys [31.1.2002 23:39 39040]
S3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft);d:\windows\system32\drivers\BTHPRINT.SYS [23.1.2009 21:32 35456]
S3 FTD2XX;OPCOMUSB.SYS OP-COM USB device driver;d:\windows\system32\drivers\OPCOMUSB.sys [30.4.2009 14:56 34639]
S3 LucentSoftModem;Lucent Technologies Soft Modem;d:\windows\system32\drivers\LTSM.sys [17.3.2008 9:42 802683]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;d:\windows\system32\drivers\ousb2hub.sys [31.1.2002 23:39 54016]
S3 PC2TVMirror;PC2TVMirror_Display_Driver;d:\windows\system32\DRIVERS\PC2TVMirror.sys --> d:\windows\system32\DRIVERS\PC2TVMirror.sys [?]
S3 RT-USB;Ross-Tech USB driver;d:\windows\system32\drivers\RT-USB.SYS [15.4.2008 17:38 58880]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 SmokXX;SmokXX.SYS FT8U2XX device driver;d:\windows\system32\drivers\SmokXX.sys [7.9.2008 9:13 29292]
S3 TpUsb;TpUsb Driver (TpUsb.sys);d:\windows\system32\drivers\TpUsb.sys [17.2.2010 18:08 77952]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;d:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [20.10.2009 14:49 4708864]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-19 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]

2010-01-24 d:\windows\Tasks\BMMTask.job
- d:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-03-17 00:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/home/
IE: &Stáhnout FlashGetem - e:\dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - e:\dokumenty\Na stahování\FlashGetPortable\App\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - d:\progra~1\EUROTR~1\e2003i.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 17:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x863B02D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78a5fc3
\Driver\ACPI -> ACPI.sys @ 0xf77f2cb8
\Driver\atapi -> 0x863b02d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1004)
d:\windows\system32\IWPDGINA.DLL
d:\program files\Intel\WiFi\bin\LangResources\CSY\SsoGnCSY.dll
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\tphklock.dll
d:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1152)
d:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
d:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ibmpmsvc.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Intel\WiFi\bin\S24EvMon.exe
d:\windows\system32\crypserv.exe
d:\program files\Intel\WiFi\bin\EvtEng.exe
d:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
d:\progra~1\VIVIDW~1\ORGANI~1.EXE
d:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
d:\program files\Vivid WorkshopData ATI\jre\bin\javaw.exe
d:\program files\Analog Devices\SoundMAX\SMAgent.exe
d:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
d:\program files\Intel\WiFi\bin\WLKeeper.exe
d:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\rundll32.exe
d:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
d:\windows\system32\RunDll32.exe
e:\dokumenty\Pro system XP,98 atd!\speedswitchxp-czechbymikrom\SpeedswitchXP_CZ\SpeedswitchXP.exe
d:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-03-17 17:28:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-17 16:28
ComboFix2.txt 2010-03-17 11:45

Před spuštěním: Volných bajtů: 62 657 646 592
Po spuštění: Volných bajtů: 62 620 786 688

- - End Of File - - F00911A66561454EB05CE0220A6B0C02

[motji]

Jak to vypadá s počítačem?


odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

[ROMIK]

No je to pořád stejné pořád explorer.exe hodně ujídá RAM koukák teď 64MB.
Nemá na to vliv mooc hodně složek a podsložek v dokumentech?
Jinak vytížení procesů je OK žadné velké vytížení.

[motji]

můžete dát screen?

[ROMIK]

No podařilo se mi log1 a 2 s Gmer.
SPTD když spustím tak mi dáva jen na výběr install,uninstall ne.
Píše "no SPDT version was detected"
MBR exe když spustím tak jen problikne a hned se zavře,takže tam
nejde nic vepsat.
V logu je jen tohle:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Tu jsou zbylé logy:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-17 20:11:11
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\ROMAN\LOCALS~1\Temp\pxtdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Ten druhý log je strašně dlouhý,je tu třeba celý dát,budu ho muset rozdělit.

[ROMIK]

Teď koukám ještě jednou na ten návod na ten druhý log, hm tak nevím proč mi to udělalo takový dlouhý a trvalo to dost dlouho.

[motji]

Ten druhý log z GMeru dejte třeba na www.leteckaposta.cz
U Mbr .exe - musíte ho spustit jinak, tak jak je v návodu, přes start - spustit