Undeletable Olmarik

#1 Post by Moris9 »

Hi,
we have had a problem with the Olmarik trojan for quite some time -> "Kontrola pri štarte operačná pamäť Operačná pamäť Win32/Olmarik trójsky kôň"
I tried running a scan with RootRepeal, but without success... it hangs on images from the Google Chrome backup (C:\Documents and Settings\Peshu\Local Settings\Application Data\Googles\Chrome\Application\3.0.195.32\Resources\Inspector\Images\ -> 8 .png files) which cannot be deleted (access denied) even in Windows XP Safe Mode, and NOD32 cannot get into them either. (Crash report at the end)
I did manage to make a log from ComboFix (I nearly had a stroke doing it :oops: ), which is below.
I hope that is enough for now.
THANK YOU for the help :worship:

ComboFix log

ComboFix 10-07-01.02 - Peshu . 07. 2010 13:33:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.704 [GMT 2:00]
Running from: c:\documents and settings\Peshu\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Peshu\Desktop\EZ-Tracks.com.lnk
c:\documents and settings\Peshu\Start Menu\Programs\videosoft
C:\FirePassword.exe
C:\resycled
c:\windows\system32\drivers\msqpdxbhcvndes.sys
c:\windows\system32\drivers\msqpdxkbmnetqs.sys
c:\windows\system32\drivers\msqpdxomyfrlvr.sys
c:\windows\system32\drivers\msqpdxpdvbxhxi.sys
c:\windows\system32\drivers\msqpdxrnkvvvxe.sys
c:\windows\system32\drivers\msqpdxveuypdwk.sys
c:\windows\system32\drivers\msqpdxwvvmkhbo.sys
c:\windows\system32\msqpdxdqjnmewp.dll
D:\resycled
E:\resycled
F:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msqpdxserv.sys
-------\Legacy_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-06-25 08:02 . 2010-06-25 08:02 1 ----a-w- c:\documents and settings\Peshu\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-25 08:02 . 2010-06-25 08:02 -------- d-----w- c:\documents and settings\Peshu\Application Data\OpenOffice.org
2010-06-25 08:00 . 2010-06-25 08:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-05 14:46 . 2010-06-05 14:46 388096 ----a-r- c:\documents and settings\Peshu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-05 14:46 . 2010-06-05 14:46 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 11:23 . 2008-12-29 09:25 -------- d-----w- c:\documents and settings\Peshu\Application Data\Skype
2010-07-03 11:13 . 2008-12-29 10:34 70400 ----a-w- c:\documents and settings\Peshu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-03 10:11 . 2008-12-29 09:28 -------- d-----w- c:\documents and settings\Peshu\Application Data\skypePM
2010-06-28 09:50 . 2010-02-27 19:16 -------- d-----w- c:\program files\SPlayer
2010-06-28 09:50 . 2010-02-27 19:17 -------- d-----w- c:\documents and settings\Peshu\Application Data\SPlayer
2010-06-17 09:59 . 2010-03-27 13:52 -------- d-----w- c:\documents and settings\Peshu\Application Data\vlc
2010-05-26 16:56 . 2010-05-26 16:56 71960 ----a-w- c:\documents and settings\Peshu\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-05-26 16:56 . 2010-05-26 16:56 -------- d-----w- c:\documents and settings\Peshu\Application Data\Octoshape
2010-05-25 06:56 . 2010-05-25 06:56 503808 ----a-w- c:\documents and settings\Peshu\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-49c10cda-n\msvcp71.dll
2010-05-25 06:56 . 2010-05-25 06:56 499712 ----a-w- c:\documents and settings\Peshu\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-49c10cda-n\jmc.dll
2010-05-25 06:56 . 2010-05-25 06:56 348160 ----a-w- c:\documents and settings\Peshu\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-49c10cda-n\msvcr71.dll
2010-05-17 19:48 . 2010-05-17 19:48 -------- d-----w- c:\documents and settings\Peshu\Application Data\HPAppData
2010-05-14 16:36 . 2009-04-01 14:09 -------- d-----w- c:\program files\Google
2010-05-09 12:16 . 2010-05-09 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-05-09 12:16 . 2010-05-09 12:14 -------- d-----w- c:\documents and settings\Peshu\Application Data\HP
2010-05-09 12:16 . 2010-05-09 12:04 166615 ----a-w- c:\windows\hpoins36.dat
2010-05-09 12:14 . 2010-05-09 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-09 12:10 . 2008-12-29 08:38 -------- d-----w- c:\program files\HP
2010-05-09 12:09 . 2010-05-09 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-05-09 12:08 . 2008-12-29 08:42 -------- d-----w- c:\program files\Common Files\HP
2010-04-24 13:32 . 2010-04-24 13:32 921632 ----a-w- C:\PA7311.DAT
2010-04-15 14:52 . 2008-12-29 16:21 65536 ----a-w- c:\windows\OLE2VBDB.DAT
2009-05-01 09:24 . 2009-05-01 09:23 24 --sh--w- c:\windows\S96149121.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Peshu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-29 133104]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-06 2387968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Octoshape Streaming Services"="c:\documents and settings\Peshu\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-06-24 7932416]
"Gainward"="c:\windows\TBPanel.exe" [2006-09-14 2162688]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"TC UP"="e:\programs\TC UP\TC UP.exe" [2008-10-13 36352]
"WinampAgent"="e:\programs\Winamp\winampa.exe" [2008-09-12 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="e:\programs\Nero\InCD\InCD.exe" [2006-03-23 1398272]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-28 111928]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Peshu\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Programs\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 6:41 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10. 6. 2008 19:56 95872]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13. 1. 2006 15:00 15872]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [23. 1. 2009 17:51 51072]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [29. 12. 2008 12:34 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [29. 12. 2008 12:34 234888]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [26. 2. 2010 6:41 810120]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [29. 12. 2008 10:22 44032]
R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [8. 11. 2006 10:59 530304]
S2 gupdate1c9b2d377bba8bc;Služba Google Update (gupdate1c9b2d377bba8bc);c:\program files\Google\Update\GoogleUpdate.exe [1. 4. 2009 16:09 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28. 3. 2010 14:20 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28. 3. 2010 14:20 8456]
S3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [4. 8. 2009 18:04 3072]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29. 12. 2008 15:13 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 22:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 14:09]

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 14:09]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484061587-839522115-1003Core.job
- c:\documents and settings\Peshu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-27 09:12]

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484061587-839522115-1003UA.job
- c:\documents and settings\Peshu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-27 09:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.ez-tracks.com/?fromOMB=1
mStart Page = hxxp://home.ez-tracks.com/?fromOMB=1
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-03 13:39:17
ComboFix-quarantined-files.txt 2010-07-03 11:39

Pre-Run: 1 136 123 904 bytes free
Post-Run: 1 269 858 304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B292DA82D2C5CE4210CD86DD1DFCDD5A


+ Crash report from RootRepeal

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP2
Exception Code: 0xc0000005
Exception Address: 0x0041102f
Attempt to read from address: 0x10f6a860


#2 Post by Caroprd111 »

Hello :)

Who advised you to use ComboFix :???: All you did was cover up the tracks for me, and you can be glad it didn't wreck your system.


Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
  • Select the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A window will pop up; copy into it:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; paste it here.


Post a log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878


#3 Post by Moris9 »

I used ComboFix based on a topic where this same problem was being dealt with; I apologize for covering up the tracks and I am very glad that my system did not collapse (to a certain extent) :oops: :)
Then I did everything according to your instructions, and here are the logs:

MBR log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


GMER logs
1.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-03 14:38:08
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Peshu\LOCALS~1\Temp\uwlcapoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----
2.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-03 15:42:12
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Peshu\LOCALS~1\Temp\uwlcapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF3625610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF3625C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF3625730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF36254B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF3625570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF36256D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF3625690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF3625650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF36257D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF3625510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF3625590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF36254D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF36255D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF3625750]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 3A3 804E3074 2 Bytes [90, 56] {NOP ; PUSH ESI}
.text ntoskrnl.exe!_abnormal_termination + 3A6 804E3077 1 Byte [F3]
.text ntoskrnl.exe!_abnormal_termination + 443 804E3114 2 Bytes [10, 55]
.text ntoskrnl.exe!_abnormal_termination + 446 804E3117 5 Bytes [F3, 90, 55, 62, F3]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6C6B380, 0x566465, 0xE8000020]
? C:\DOCUME~1\Peshu\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----


#4 Post by Moris9 »

continuation

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[440] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2308] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2432] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2500] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2524] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \FileSystem\Fastfat \Fat kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

I hope I haven't broken anything else. :)

P.S. After ComboFix finished its work, Nod32 no longer reports Olmarik at startup

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Undeletable Olmarik

#5 Post by Caroprd111 »

I recommend uninstalling toolbars (if you do not use them) in Add or Remove Programs.


Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter



Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm a choice, press the A key, then Enter
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow)

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow)


Download Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Run the analysis; when it finishes, click Run Ccleaner.

    Registry tab
  • Click Scan for Issues; when it finishes, click Fix Issues. You do not need to make a backup. Then click Fix All Issues.
    OK, then Close


Post a new log from RSIT.

Moris9
Visitor
Posts: 5
Registered: 03 Jul 2010 11:29

Re: Undeletable Olmarik

#6 Post by Moris9 »

Cleaned up, and here is the log from RSIT (I haven't posted a different one here so far ;) )

Logfile of random's system information tool 1.07 (written by random/random)
Run by Peshu at 2010-07-03 17:38:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (10%) free of 15 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:47, on 3. 7. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programs\Nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
E:\Programs\Winamp\winampa.exe
E:\Programs\TC UP\totalcmd.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
E:\Programs\Nero\InCD\InCD.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Peshu\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\~Download\RSIT.exe
C:\Program Files\trend micro\Peshu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [TC UP] "E:\Programs\TC UP\TC UP.exe" /wnd=max
O4 - HKLM\..\Run: [WinampAgent] E:\Programs\Winamp\winampa.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Programs\Nero\InCD\InCD.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Peshu\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9b2d377bba8bc) (gupdate1c9b2d377bba8bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Programs\Nero\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10235 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484061587-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484061587-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2004-06-24 7932416]
"Gainward"=C:\WINDOWS\TBPanel.exe [2006-09-14 2162688]
"Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]
"TC UP"=E:\Programs\TC UP\TC UP.exe [2008-10-13 36352]
"WinampAgent"=E:\Programs\Winamp\winampa.exe [2008-09-12 36352]
"Device Detector"=DevDetect.exe -autorun []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"InCD"=E:\Programs\Nero\InCD\InCD.exe [2006-03-23 1398272]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-01-28 111928]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-02-26 2140880]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Peshu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 133104]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-12-07 2387968]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Octoshape Streaming Services"=C:\Documents and Settings\Peshu\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Peshu\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Programs\Vuze\Azureus.exe"="E:\Programs\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

======List of files/folders created in the last 1 months======

2010-07-03 17:38:41 ----D---- C:\rsit
2010-07-03 17:33:08 ----D---- C:\Program Files\CCleaner
2010-07-03 17:24:35 ----SHD---- C:\RECYCLER
2010-07-03 17:18:09 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-03 13:29:03 ----A---- C:\Boot.bak
2010-07-03 13:29:00 ----RASHD---- C:\cmdcons
2010-07-03 12:48:54 ----A---- C:\RootRepeal report 07-03-10 (12-48-54).txt
2010-06-25 10:02:47 ----D---- C:\Documents and Settings\Peshu\Application Data\OpenOffice.org
2010-06-25 10:00:17 ----D---- C:\Program Files\OpenOffice.org 3
2010-06-05 16:46:16 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-07-03 17:38:42 ----D---- C:\WINDOWS\Temp
2010-07-03 17:38:38 ----D---- C:\WINDOWS\Prefetch
2010-07-03 17:34:51 ----D---- C:\WINDOWS\Debug
2010-07-03 17:34:51 ----D---- C:\WINDOWS
2010-07-03 17:34:51 ----D---- C:\Documents and Settings\Peshu\Application Data\Azureus
2010-07-03 17:34:04 ----A---- C:\WINDOWS\DFC.INI
2010-07-03 17:33:08 ----RD---- C:\Program Files
2010-07-03 17:30:20 ----D---- C:\Documents and Settings\Peshu\Application Data\Skype
2010-07-03 17:28:22 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-07-03 17:24:34 ----D---- C:\WINDOWS\system32
2010-07-03 17:22:48 ----D---- C:\WINDOWS\Minidump
2010-07-03 17:21:59 ----SHD---- C:\System Volume Information
2010-07-03 17:21:59 ----D---- C:\WINDOWS\system32\Restore
2010-07-03 17:18:31 ----D---- C:\Documents and Settings\Peshu\Application Data\HPAppData
2010-07-03 17:18:09 ----SHD---- C:\WINDOWS\Installer
2010-07-03 17:18:09 ----D---- C:\Program Files\SweetIM
2010-07-03 17:17:57 ----D---- C:\Documents and Settings\All Users\Application Data\SweetIM
2010-07-03 14:27:04 ----D---- C:\WINDOWS\system32\drivers
2010-07-03 13:38:13 ----A---- C:\WINDOWS\system.ini
2010-07-03 13:36:07 ----D---- C:\WINDOWS\AppPatch
2010-07-03 13:36:03 ----D---- C:\Program Files\Common Files
2010-07-03 13:32:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-03 13:29:03 ----RASH---- C:\boot.ini
2010-07-03 12:11:22 ----D---- C:\Documents and Settings\Peshu\Application Data\skypePM
2010-06-28 11:50:46 ----D---- C:\Program Files\SPlayer
2010-06-28 11:50:17 ----D---- C:\Documents and Settings\Peshu\Application Data\SPlayer
2010-06-25 19:56:06 ----A---- C:\WINDOWS\WDICT32.INI
2010-06-25 10:01:20 ----RSD---- C:\WINDOWS\assembly
2010-06-25 10:00:31 ----RSD---- C:\WINDOWS\Fonts
2010-06-20 20:02:59 ----D---- C:\ALFA
2010-06-17 11:59:19 ----D---- C:\Documents and Settings\Peshu\Application Data\vlc
2010-06-13 18:51:55 ----D---- C:\WINDOWS\system32\wbem
2010-06-13 18:51:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-05 16:46:17 ----SD---- C:\Documents and Settings\Peshu\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-02-26 95872]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-12-22 51072]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 44032]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 PAC7311;VGA SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2006-11-08 530304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2004-05-24 141696]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 pspdisp;pspdisp; C:\WINDOWS\system32\DRIVERS\pspdisp.sys [2009-08-04 3072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-01-19 503144]
S3 WinUSB;WinUSB driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 InCDsrv;InCD Helper; E:\Programs\Nero\InCD\InCDsrv.exe [2006-03-23 880128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-12-07 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c9b2d377bba8bc;Služba Google Update (gupdate1c9b2d377bba8bc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-02-26 33560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Undeletable Olmarik

#7 Post by Caroprd111 »

Install SP3: http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

I don't see a firewall in the log, install one :!: Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Moris9
Visitor
Posts: 5
Registered: 03 Jul 2010 11:29

Re: Undeletable Olmarik

#8 Post by Moris9 »

OK... I installed Sunbelt Kerio Personal Firewall... if that's everything, does that mean my PC is clean now? Without any major damage? If so, THANK YOU very much for your willingness and time :worship:

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Undeletable Olmarik

#9 Post by Caroprd111 »

Yes, that's everything. :)

mojamoja
Visitor
Posts: 8
Registered: 27 Feb 2011 13:49

Re: Undeletable Olmarik

#10 Post by mojamoja »

I have a similar problem: at startup ESET shows the message "operačná pamäť win32/Olmarik trojsky kôň" (operating memory, Win32/Olmarik trojan horse).
I tried to remove it with Malwarebytes, but without success. Can anyone help? I'm attaching the log from RSIT. Thank you.
Logfile of random's system information tool 1.08 (written by random/random)
Run by I5 at 2011-02-27 13:44:23
Microsoft Windows 7 Ultimate
System drive C: has 83 GB (73%) free of 113 GB
Total RAM: 3582 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:31, on 27. 2. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\GIGABYTE\GIGABYTE Sim Series7\Mouse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ConMet\ConMet.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Users\I5\Desktop\RSIT.exe
C:\Program Files\trend micro\I5.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GIGABYTEMOUSE] C:\Program Files\GIGABYTE\GIGABYTE Sim Series7\Mouse.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D9E8BD-2B13-4C13-843C-A46EE6D986BD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19D9E8BD-2B13-4C13-843C-A46EE6D986BD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{19D9E8BD-2B13-4C13-843C-A46EE6D986BD}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 8294 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2011-01-13 241464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-08-29 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-08-29 798771]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2011-01-13 687808]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-08 2219184]
"GIGABYTEMOUSE"=C:\Program Files\GIGABYTE\GIGABYTE Sim Series7\Mouse.exe [2009-11-26 1278464]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ConMet"=C:\Program Files\ConMet\ConMet.exe [2010-11-12 4252160]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2009-10-19 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [2010-03-08 5174568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 4.lnk]
C:\PROGRA~1\OLYMPUS\DEVICE~1\DEVICE~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-27 13:44:25 ----D---- C:\Program Files\trend micro
2011-02-27 13:44:23 ----D---- C:\rsit
2011-02-26 18:40:38 ----A---- C:\Windows\system32\drivers\pavboot.sys
2011-02-26 18:40:36 ----D---- C:\Program Files\Panda Security
2011-02-26 17:53:18 ----D---- C:\Windows\temp
2011-02-26 17:52:40 ----SHD---- C:\$RECYCLE.BIN
2011-02-26 12:49:43 ----D---- C:\Users\I5\AppData\Roaming\Malwarebytes
2011-02-26 12:49:36 ----D---- C:\ProgramData\Malwarebytes
2011-02-26 12:49:36 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-26 12:49:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-26 12:49:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-26 11:42:39 ----AD---- C:\ProgramData\TEMP
2011-02-25 20:07:55 ----D---- C:\Windows\system32\EventProviders
2011-02-25 20:07:49 ----D---- C:\20443756df1c75b80f
2011-02-20 13:55:13 ----A---- C:\Windows\system32\OpenCL.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvwgf2um.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvoglv32.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvgenco322040.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvdispco322090.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvcuvid.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvcuda.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\nvcompiler.dll
2011-02-20 13:55:12 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-02-20 13:54:37 ----D---- C:\NVIDIA
2011-02-19 10:10:55 ----D---- C:\Users\I5\AppData\Roaming\MozBackup
2011-02-16 18:14:20 ----D---- C:\Program Files\GIGABYTE
2011-02-11 19:42:21 ----D---- C:\Program Files\Graboid
2011-02-09 17:50:46 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 17:50:43 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 17:50:43 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 17:50:42 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 17:50:41 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 17:50:41 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 17:50:41 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 17:50:41 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 17:50:40 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 17:50:40 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 17:50:40 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 17:50:40 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 17:50:40 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 17:50:40 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 17:50:40 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 17:50:34 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 17:50:34 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 17:50:33 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 17:50:32 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 17:50:31 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 17:50:31 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 17:50:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 17:50:05 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 17:50:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-03 21:14:46 ----A---- C:\Windows\system32\TURegOpt.exe
2011-02-03 21:14:11 ----A---- C:\Windows\system32\uxtuneup.dll
2011-02-03 21:14:11 ----A---- C:\Windows\system32\authuitu.dll
2011-02-03 21:14:01 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-02-03 21:13:05 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-02-03 20:43:06 ----D---- C:\Program Files\Ashampoo

======List of files/folders modified in the last 1 months======

2011-02-27 13:44:31 ----D---- C:\Windows\Prefetch
2011-02-27 13:44:25 ----RD---- C:\Program Files
2011-02-27 13:40:47 ----D---- C:\Program Files\Fausto
2011-02-27 13:37:56 ----D---- C:\Windows\System32
2011-02-27 13:37:56 ----D---- C:\Windows\inf
2011-02-27 13:37:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-27 13:32:29 ----D---- C:\Users\I5\AppData\Roaming\ConMet
2011-02-27 13:32:13 ----D---- C:\ProgramData\ConMet
2011-02-27 13:32:01 ----D---- C:\ProgramData\NVIDIA
2011-02-27 13:31:55 ----AD---- C:\Windows
2011-02-27 13:22:45 ----D---- C:\Windows\system32\config
2011-02-27 12:57:52 ----D---- C:\Windows\Minidump
2011-02-27 12:56:53 ----D---- C:\Program Files\CCleaner
2011-02-27 12:56:08 ----D---- C:\Users\I5\AppData\Roaming\Orbit
2011-02-27 10:32:24 ----D---- C:\Windows\system32\drivers
2011-02-27 10:32:20 ----SHD---- C:\System Volume Information
2011-02-27 10:18:10 ----D---- C:\Windows\system32\Tasks
2011-02-27 10:16:02 ----D---- C:\Program Files\SlySoft
2011-02-26 21:39:23 ----D---- C:\Program Files\ESET
2011-02-26 21:38:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-02-26 18:40:12 ----D---- C:\Windows\Downloaded Program Files
2011-02-26 17:52:12 ----A---- C:\Windows\system.ini
2011-02-26 17:50:35 ----D---- C:\Windows\AppPatch
2011-02-26 17:50:34 ----D---- C:\Program Files\Common Files
2011-02-26 17:47:52 ----D---- C:\Windows\system32\catroot2
2011-02-26 17:03:48 ----D---- C:\Windows\system32\drivers\etc
2011-02-26 12:49:36 ----D---- C:\ProgramData
2011-02-26 12:22:35 ----SHD---- C:\Windows\Installer
2011-02-26 11:00:34 ----D---- C:\Users\I5\AppData\Roaming\uTorrent
2011-02-26 09:47:50 ----D---- C:\Windows\Tasks
2011-02-26 09:47:50 ----D---- C:\Windows\system32\wfp
2011-02-26 09:47:50 ----D---- C:\Windows\system32\wbem
2011-02-26 09:47:50 ----D---- C:\Windows\system32\sk-SK
2011-02-26 09:47:50 ----D---- C:\Windows\system32\en-US
2011-02-26 09:47:49 ----D---- C:\Windows\winsxs
2011-02-26 09:46:12 ----D---- C:\Windows\system32\sysprep
2011-02-26 09:46:08 ----RSD---- C:\Windows\Fonts
2011-02-26 09:46:08 ----D---- C:\Windows\TAPI
2011-02-26 09:46:08 ----D---- C:\Windows\system32\sppui
2011-02-26 09:46:08 ----D---- C:\Windows\system32\Setup
2011-02-26 09:46:08 ----D---- C:\Windows\system32\oobe
2011-02-26 09:46:08 ----D---- C:\Windows\system32\migwiz
2011-02-26 09:46:08 ----D---- C:\Windows\system32\migration
2011-02-26 09:46:08 ----D---- C:\Windows\system32\manifeststore
2011-02-26 09:46:08 ----D---- C:\Windows\system32\es-ES
2011-02-26 09:46:08 ----D---- C:\Windows\system32\en
2011-02-26 09:46:08 ----D---- C:\Windows\system32\DriverStore
2011-02-26 09:46:08 ----D---- C:\Windows\system32\drivers\UMDF
2011-02-26 09:46:08 ----D---- C:\Windows\system32\drivers\en-US
2011-02-26 09:46:08 ----D---- C:\Windows\system32\Dism
2011-02-26 09:46:08 ----D---- C:\Windows\system32\da-DK
2011-02-26 09:46:08 ----D---- C:\Windows\system32\cs-CZ
2011-02-26 09:46:08 ----D---- C:\Windows\system32\Boot
2011-02-26 09:46:08 ----D---- C:\Windows\system32\AdvancedInstallers
2011-02-26 09:46:08 ----D---- C:\Windows\servicing
2011-02-26 09:46:08 ----D---- C:\Windows\PolicyDefinitions
2011-02-26 09:46:07 ----SHD---- C:\Windows\BitLockerDiscoveryVolumeContents
2011-02-26 09:46:07 ----D---- C:\Windows\ehome
2011-02-26 09:46:07 ----D---- C:\Program Files\Windows Sidebar
2011-02-26 09:46:07 ----D---- C:\Program Files\Windows Photo Viewer
2011-02-26 09:46:07 ----D---- C:\Program Files\Windows Media Player
2011-02-26 09:46:07 ----D---- C:\Program Files\Windows Mail
2011-02-26 09:46:07 ----D---- C:\Program Files\Windows Defender
2011-02-26 09:46:07 ----D---- C:\Program Files\Internet Explorer
2011-02-26 09:46:07 ----D---- C:\Program Files\DVD Maker
2011-02-26 09:45:58 ----D---- C:\Windows\system32\spp
2011-02-26 09:45:58 ----D---- C:\Windows\system32\Speech
2011-02-26 09:45:58 ----D---- C:\Windows\system32\MUI
2011-02-26 09:45:52 ----D---- C:\Windows\system32\CodeIntegrity
2011-02-26 09:45:47 ----D---- C:\Program Files\ConMet
2011-02-26 09:45:44 ----D---- C:\Program Files\Windows Portable Devices
2011-02-26 09:44:44 ----D---- C:\Windows\registration
2011-02-26 09:42:31 ----D---- C:\Windows\Microsoft.NET
2011-02-26 09:42:02 ----RSD---- C:\Windows\assembly
2011-02-25 19:53:25 ----D---- C:\Windows\system32\catroot
2011-02-20 15:25:38 ----D---- C:\Program Files\JDownloader
2011-02-20 14:19:56 ----D---- C:\Users\I5\AppData\Roaming\vlc
2011-02-20 13:57:03 ----D---- C:\Config.Msi
2011-02-20 13:55:32 ----D---- C:\Program Files\NVIDIA Corporation
2011-02-20 09:29:57 ----D---- C:\Users\I5\AppData\Roaming\Skype
2011-02-19 09:16:46 ----D---- C:\Program Files\Duolabs
2011-02-19 09:12:33 ----D---- C:\Windows\Downloaded Installations
2011-02-09 20:38:48 ----D---- C:\ProgramData\Win7codecs
2011-02-09 19:48:30 ----D---- C:\Windows\debug
2011-02-09 17:51:23 ----A---- C:\Windows\system32\MRT.exe
2011-02-09 17:47:00 ----D---- C:\Users\I5\AppData\Roaming\dvdcss
2011-02-05 18:22:44 ----D---- C:\Users\I5\AppData\Roaming\MOBILedit
2011-02-03 21:19:32 ----D---- C:\ProgramData\TuneUp Software
2011-02-03 21:14:04 ----D---- C:\Users\I5\AppData\Roaming\TuneUp Software
2011-01-30 13:27:56 ----D---- C:\Users\I5\AppData\Roaming\Canon
2011-01-29 12:19:12 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-10-19 99440]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-08-14 158272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-08-14 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-08-14 581984]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 AsUpIO;AsUpIO; C:\Windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 NSHE;Guardant Emulator Driver; \??\C:\Windows\system32\Drivers\NSHE.SYS [2008-12-18 97792]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2007-10-28 96832]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-12-20 20952]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 136704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]
R3 vmlitediskmp;vmlitediskmp; C:\Windows\system32\DRIVERS\vmlitediskmp.sys [2009-11-11 115800]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2007-06-17 186592]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-08-14 160288]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BCM43XX;ASUS 802.11 - ovládač sieťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-10-23 2494968]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-09-04 23152]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-10-22 57800]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2010-03-30 72520]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2010-07-21 40848]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 rockusb;Driver for rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2007-07-19 689408]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-11-08 810144]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-08 33584]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
S4 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-08-14 2480048]
S4 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S4 Olympus DVR Service;Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2010-04-21 176128]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Undeletable Olmarik

#11 Post by Márty84 »

mojamoja wrote: I have a similar problem
Have a nice Sunday afternoon :)

Please start your own new topic.
First, by barging into someone else's topic with your own problem, you are breaking the forum rules.
And second, it is better for you, because one of the advisers will notice you much sooner :wink:
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Undeletable Olmarik

#12 Post by Caroprd111 »

Hello :)

As my colleague writes, please start your own topic.

I am locking this one :closed:

Locked