Prosím o kontrolu logu-vir

Zpráva

štajny · #1 Příspěvek od **štajny** » 18 říj 2013 10:51

Ahoj,mám problem,včera jsem zapnul pc a vyskočilo mi okno NT AUTHORITY/system,příkazovým řádkem SHUTWODN/a jsem to dal pryč aby mi to neodpočítávalo,ale počítač je totálně zabržděný,když bych chtěl na něm něco dělat,tak je to lepší v nouzáku,prosím poradte co dál

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:54, on 18.10.2013
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\xampp\xampp_service_mercury.exe
C:\xampp\MercuryMail\mercury.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\xampp\apache\bin\httpd.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\Program Files (x86)\Steam\steamerrorreporter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search.ask.com/sidebar.html? ... stemid=473
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10640A& ... 02-138&t=4
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search.ask.com/sidebar.html? ... stemid=473
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search.ask.com/sidebar.html? ... stemid=473
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DownloadnSave - {9D063D90-4577-6121-D7E6-AA40443B7F72} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll
O4 - HKLM\..\Run: [GEST] <B÷w\ü
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\HF Designer\dd.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S39.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [FLV Player] C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [FLV Player] C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe (User '?')
O4 - HKUS\S-1-5-21-274209101-1402718703-3755381841-500\..\Run: [SlimDrivers] "C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-274209101-1402718703-3755381841-500 Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (User '?')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88698B1-73B5-4777-A238-9B5B2802549C}: NameServer = 208.67.222.222
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~2\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files (x86)\Java\jre7\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Mercury - Apache Friends - C:\xampp\xampp_service_mercury.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Koordinátor DTC (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Správce relací nápovedy ke vzdálené ploše (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - SafetyNut Inc. - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Adaptér výkonu služby WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: WorkshopDBService - Acresso - C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE

--
End of file - 13971 bytes

štajny · #2 Příspěvek od **štajny** » 18 říj 2013 17:15

poradí prosím někdo?

#3 Příspěvek od **Rudy** » 18 říj 2013 18:30

Zdravím!
On se do toho nikdo nehrne hlavně proto, že ne Win2003 nefunguje celá řada utilit, ktré používáme k čištění. Něco ale zkusíme. Zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

štajny · #4 Příspěvek od **štajny** » 18 říj 2013 19:20

Aha,tak v tom je zakopaný pes....už jedu podle návodu,ale nevim jak dlouho mi to bude trvat,pc je totálně zabržděný,může se to dělat i přes nouzový režim??Pokusim se to ale nejdřív udělat normálně

#5 Příspěvek od **Rudy** » 18 říj 2013 19:44

Pokud to nepůjde, zkuste v nouz. režimu.

štajny · #6 Příspěvek od **štajny** » 18 říj 2013 20:04

Tak jsem čekal na update asi pul hodiny a nic,tak jsem to dal přes nouzák a hned to naběhlo a začnul jsem skenovat,ale při tomto mi za chvíli naběhlo toto

#7 Příspěvek od **Rudy** » 18 říj 2013 20:09

Tak budeme muet zkoušet, co půjde. Zkuste toto:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

štajny · #8 Příspěvek od **štajny** » 18 říj 2013 20:34

tak tady je log z ADwCleaner,pc mi teď naběhl a zatim mi nevyběhlo nt authority/system,a už to posílám jsem i přes tento pc

# AdwCleaner v3.008 - Report created 18/10/2013 at 21:27:04
# Updated 17/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 1 (64 bits)
# Username : Administrator - FERDA
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.3790.1830

-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Documents and Settings\Pavel\Application Data\Mozilla\Firefox\Profiles\5idtqnxz.default\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8gtujw0.default\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q3m5jd3d.default\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q49278od.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [17986 octets] - [18/10/2013 21:19:01]
AdwCleaner[R1].txt - [1386 octets] - [18/10/2013 21:25:56]
AdwCleaner[S0].txt - [16433 octets] - [18/10/2013 21:20:39]
AdwCleaner[S1].txt - [1309 octets] - [18/10/2013 21:27:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1369 octets] ##########

#9 Příspěvek od **Rudy** » 18 říj 2013 20:42

Zkuste teď dát log RSIT: http://forum.viry.cz/viewtopic.php?f=24&t=130784 .

štajny · #10 Příspěvek od **štajny** » 18 říj 2013 20:49

tady to je

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-10-18 21:47:50
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 1
System drive C: has 33 GB (7%) free of 477 GB
Total RAM: 4094 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:59, on 18.10.2013
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\xampp\xampp_service_mercury.exe
C:\xampp\MercuryMail\mercury.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE
C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll (file missing)
O4 - HKLM\..\Run: [GEST] <B÷w\ü
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\HF Designer\dd.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S39.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [FLV Player] C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88698B1-73B5-4777-A238-9B5B2802549C}: NameServer = 208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~2\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files (x86)\Java\jre7\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Mercury - Apache Friends - C:\xampp\xampp_service_mercury.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Koordinátor DTC (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Správce relací nápovedy ke vzdálené ploše (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Adaptér výkonu služby WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: WorkshopDBService - Acresso - C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE

--
End of file - 11534 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Ati2evxx.exe -Client
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\WINDOWS\RTHDCPL.EXE"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files\Messenger\msmsgs.exe" /background
"C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe"
"C:\Program Files\WinFast\WFDTV\DTVSchdl.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles
"C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\xampp\apache\bin\httpd.exe" -k runservice
"C:\WINDOWS\system32\cmd.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
crypserv.exe
"C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE"
C:\WINDOWS\System32\svchost.exe -k WinErr
"C:\xampp\FileZillaFTP\FileZilla server.exe"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe"
"C:\Program Files (x86)\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqs.conf"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
"C:\xampp\xampp_service_mercury.exe"
"C:\xampp\MercuryMail\mercury.exe" -M
"C:\xampp\mysql\bin\mysqld.exe" --defaults-file="C:\xampp\mysql\bin\my.ini" MySQL
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService
"C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe" -Xrs -classpath "C:\Program Files (x86)\Vivid WorkshopData ATI\hsqldb.jar;C:\Program Files (x86)\Vivid WorkshopData ATI\lax.jar;" com.zerog.lax.LAX "C:/Program Files (x86)/Vivid WorkshopData ATI/WorkshopDBServer.lax" "C:/WINDOWS/TEMP/lax4.tmp"
C:\xampp\apache\bin\httpd.exe -d C:/xampp/apache -f C:\xampp\apache\conf\httpd.conf -E C:\xampp\apache\logs\error.log
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Documents and Settings\Administrator\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}]
Movies Toolbar (Dist. by Somoto Ltd.) - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-15 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-15 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - Movies Toolbar (Dist. by Somoto Ltd.) - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 123400]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2013-03-12 20143688]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2010-11-03 84584]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2010-11-03 2815592]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2010-11-03 64104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"Device Detection"=C:\Program Files (x86)\HF Designer\dd.exe [2012-11-02 958600]
"EPSON Stylus D92 Series"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE [2006-09-27 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-29 20992]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1681920]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-10-09 1813928]
"ICQ"=~C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4 []
"FLV Player"=C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe [2012-10-26 202752]
"SlimDrivers"=C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-17 29395264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GEST"=<B÷w\ü []
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-10-24 90112]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"NeroFilterCheck"=C:\WINDOWS\SysWow64\NeroCheck.exe [2001-07-09 155648]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NexusServer"=C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe [2008-08-05 520192]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-05 98304]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-10-02 2916352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-06-22 254976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 154112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\run.exe"="C:\Program Files (x86)\GIGABYTE\EnergySaver\run.exe:*:Enabled:update"
"C:\Program Files (x86)\ICQ6.5\ICQ.exe"="C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files (x86)\Winamp Remote\bin\Orb.exe"="C:\Program Files (x86)\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe"="C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"="C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files (x86)\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files (x86)\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\Lobby.exe"="C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\Lobby.exe:*:Enabled:Lobby"
"C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\RBRnet.exe"="C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\RBRnet.exe:*:Enabled:RBRnet"
"C:\Documents and Settings\Administrator\My Documents\ICQ\288000657\ReceivedFiles\360496620 Aleš\RBRnet\RBRnet.exe"="C:\Documents and Settings\Administrator\My Documents\ICQ\288000657\ReceivedFiles\360496620 Aleš\RBRnet\RBRnet.exe:*:Enabled:RBRnet"
"C:\WINDOWS\SysWOW64\dpnsvr.exe"="C:\WINDOWS\SysWOW64\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Documents and Settings\Administrator\Desktop\rbrnet3.0\rbrnet3.0\RBRnet.exe"="C:\Documents and Settings\Administrator\Desktop\rbrnet3.0\rbrnet3.0\RBRnet.exe:*:Enabled:RBRnet"
"C:\ComplexWebServer\apache\bin\Apache.exe"="C:\ComplexWebServer\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files (x86)\Steam\SteamApps\ferda911\race 07\Race_Steam.exe"="C:\Program Files (x86)\Steam\SteamApps\ferda911\race 07\Race_Steam.exe:*:Disabled:RACE 07"
"C:\Documents and Settings\Administrator\Desktop\P1753577.JPG-www.facebook.exe"="C:\Program Files (x86)\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files (x86)\nvsvc32.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files (x86)\ICQ7.2\ICQ.exe"="C:\Program Files (x86)\ICQ7.2\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files (x86)\Vivid WorkshopData ATI\sed.exe"="C:\Program Files (x86)\Vivid WorkshopData ATI\sed.exe:*:Enabled:sed"
"C:\WINDOWS\system32\dmwu.exe"="C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu"
"C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.i420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2013-10-18 21:47:50 ----D---- C:\rsit
2013-10-18 21:47:50 ----D---- C:\Program Files\trend micro
2013-10-18 21:18:57 ----D---- C:\AdwCleaner
2013-10-18 20:57:12 ----D---- C:\FRST
2013-10-18 10:45:02 ----A---- C:\WINDOWS\ntbtlog.txt
2013-10-17 19:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Wincert
2013-10-17 19:19:17 ----D---- C:\Documents and Settings\Administrator\Application Data\somotomoviestoolbar1
2013-10-17 19:18:20 ----D---- C:\Documents and Settings\All Users\Application Data\SafetyNut
2013-10-09 10:13:10 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2013-10-02 12:50:06 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2013-09-21 11:22:47 ----D---- C:\Program Files (x86)\SlimDrivers
2013-09-21 11:20:24 ----A---- C:\WINDOWS\system32\drivers\SWDUMon.sys

======List of files/folders modified in the last 1 month======

2013-10-18 21:47:58 ----D---- C:\WINDOWS\Prefetch
2013-10-18 21:47:50 ----RD---- C:\Program Files
2013-10-18 21:35:59 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-18 21:32:37 ----D---- C:\WINDOWS\Temp
2013-10-18 21:29:59 ----D---- C:\Documents and Settings\All Users\Application Data\organiser
2013-10-18 21:29:01 ----D---- C:\Program Files (x86)\Steam
2013-10-18 21:21:10 ----D---- C:\WINDOWS\system32
2013-10-18 21:20:53 ----D---- C:\WINDOWS\SysWOW64
2013-10-18 21:20:52 ----D---- C:\Program Files (x86)
2013-10-18 21:20:40 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2013-10-18 20:57:16 ----D---- C:\WINDOWS
2013-10-17 21:01:54 ----SH---- C:\boot.ini
2013-10-17 20:22:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-10 17:59:32 ----D---- C:\WINDOWS\system32\drivers
2013-10-09 10:13:27 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2013-10-08 22:30:31 ----D---- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2013-10-02 12:50:31 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2013-09-22 09:15:56 ----HD---- C:\WINDOWS\inf
2013-09-21 11:22:49 ----SHD---- C:\WINDOWS\Installer
2013-09-21 11:18:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-21 11:17:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-09-21 11:17:53 ----D---- C:\CIMTEMP
2013-09-19 19:12:32 ----AH---- C:\aaw7boot.cmd
2013-09-19 19:00:02 ----D---- C:\WINDOWS\Debug
2013-09-19 19:00:01 ----D---- C:\WINDOWS\Minidump
2013-09-19 17:47:24 ----SD---- C:\WINDOWS\Tasks
2013-09-19 17:07:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-09-19 17:07:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 65336]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-30 204880]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-11-03 69376]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2007-03-08 52856]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 95744]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-08-30 59144]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 378944]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 64288]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-29 23040]
R1 NetworkX;NetworkX; C:\WINDOWS\syswow64\ckldrv.sys [2006-01-10 31846]
R2 aksdf;aksdf; C:\WINDOWS\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2006-03-29 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2006-03-29 13312]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-06-23 6262272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP6.sys [2012-05-14 151168]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-13 239616]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-29 18944]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS [2013-03-29 7156808]
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-29 49152]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2006-03-29 24192]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\WINDOWS\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-29 19456]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-29 11776]
R3 RTL8023x64;Realtek 10/100/1000 PCI NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtnic64.sys [2006-12-14 128000]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-29 42496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-29 32512]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 23184]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 22024]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 57608]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-02 871408]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 1030952]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys []
S2 Ca1528av;SPCA1528 Video Camera Service; C:\WINDOWS\System32\Drivers\Ca1528av.sys []
S3 Ambfilt64;Ambfilt64; C:\WINDOWS\system32\drivers\Ambft64.sys [2009-11-18 1801304]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-05-17 153104]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 44688]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files (x86)\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 Bulk1528;SPCA1528 Still Camera Service; C:\WINDOWS\System32\Drivers\Bulk1528.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-03-24 24576]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 CX88VID;WinFast CX2388x AvStream Driver; C:\WINDOWS\system32\drivers\cxavsvid.sys [2006-07-21 469888]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-25 33344]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
S3 Monfilt64;Monfilt64; C:\WINDOWS\system32\drivers\Monft64.sys [2009-11-18 1861720]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2006-03-29 23040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-03-24 8064]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-03-24 103680]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-03-29 17408]
S3 nmwcdcx64;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2009-02-09 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2009-02-09 18944]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL39A64.SYS [2005-03-24 59904]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtenic64.sys [2008-06-16 137216]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-03-29 19968]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-03-29 24576]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2013-09-21 16152]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2009-02-09 8192]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-03-24 29696]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2005-03-24 28160]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2006-03-29 42496]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-02-09 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-29 48128]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2005-03-24 33792]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 880864]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 34440]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-01-13 36360]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 15752]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-03-24 29696]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-03-24 24192]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 108544]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2006-03-29 25088]
R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-06-22 892416]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-08 122880]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 FileZilla Server;FileZilla Server; C:\xampp\FileZillaFTP\FileZilla server.exe [2009-12-20 1029776]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [2013-02-15 170912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-26 2152720]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Mercury;Mercury; C:\xampp\xampp_service_mercury.exe [2009-12-20 78480]
R2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-12-20 6095504]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-29 62976]
R2 WorkshopDBService;WorkshopDBService; C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE [2013-03-25 114688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-29 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe []
S2 SafetyNutManager;SafetyNut Manager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-10 655624]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2006-03-29 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-19 118680]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2006-03-29 428032]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2006-03-29 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#11 Příspěvek od **Rudy** » 18 říj 2013 20:56

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

štajny · #12 Příspěvek od **štajny** » 18 říj 2013 21:08

zde,zatim to jde dobře,sice nevím vůbec co dělám,ale důvěřuji Vám

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-10-18 22:06:58
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 1
System drive C: has 33 GB (7%) free of 477 GB
Total RAM: 4094 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:39, on 18.10.2013
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\xampp\xampp_service_mercury.exe
C:\xampp\MercuryMail\mercury.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE
C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GEST] <B÷w\ü
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\HF Designer\dd.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S39.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [FLV Player] C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88698B1-73B5-4777-A238-9B5B2802549C}: NameServer = 208.67.222.222
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files (x86)\Java\jre7\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Mercury - Apache Friends - C:\xampp\xampp_service_mercury.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Koordinátor DTC (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Správce relací nápovedy ke vzdálené ploše (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Adaptér výkonu služby WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: WorkshopDBService - Acresso - C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE

--
End of file - 11050 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Ati2evxx.exe -Client
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\notepad.exe" C:\_OTM\MovedFiles\10182013_220324.log
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\WINDOWS\RTHDCPL.EXE"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files\Messenger\msmsgs.exe" /background
"C:\Program Files (x86)\Steam\steam.exe" -silent
"C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe"
"C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe"
"C:\Program Files\WinFast\WFDTV\DTVSchdl.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles
"C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\xampp\apache\bin\httpd.exe" -k runservice
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
crypserv.exe
"C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE"
C:\WINDOWS\System32\svchost.exe -k WinErr
"C:\xampp\FileZillaFTP\FileZilla server.exe"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe"
"C:\Program Files (x86)\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqs.conf"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
"C:\xampp\xampp_service_mercury.exe"
"C:\xampp\MercuryMail\mercury.exe" -M
"C:\xampp\mysql\bin\mysqld.exe" --defaults-file="C:\xampp\mysql\bin\my.ini" MySQL
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService
"C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe" -Xrs -classpath "C:\Program Files (x86)\Vivid WorkshopData ATI\hsqldb.jar;C:\Program Files (x86)\Vivid WorkshopData ATI\lax.jar;" com.zerog.lax.LAX "C:/Program Files (x86)/Vivid WorkshopData ATI/WorkshopDBServer.lax" "C:/WINDOWS/TEMP/lax4.tmp"
"C:\Program Files\AVAST Software\Avast\setup\avast.setup" /checkupdate /verysilent
C:\xampp\apache\bin\httpd.exe -d C:/xampp/apache -f C:\xampp\apache\conf\httpd.conf -E C:\xampp\apache\logs\error.log
"C:\Documents and Settings\Administrator\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-15 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-15 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 123400]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2013-03-12 20143688]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2010-11-03 84584]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2010-11-03 2815592]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2010-11-03 64104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"Device Detection"=C:\Program Files (x86)\HF Designer\dd.exe [2012-11-02 958600]
"EPSON Stylus D92 Series"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE [2006-09-27 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-29 20992]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-02-18 1681920]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-10-09 1813928]
"ICQ"=~C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4 []
"FLV Player"=C:\Documents and Settings\Administrator\Local Settings\Application Data\WebPlayer\FLV Player\WebPlayer.exe [2012-10-26 202752]
"SlimDrivers"=C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-17 29395264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GEST"=<B÷w\ü []
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-10-24 90112]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"NeroFilterCheck"=C:\WINDOWS\SysWow64\NeroCheck.exe [2001-07-09 155648]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NexusServer"=C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe [2008-08-05 520192]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-05 98304]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-10-02 2916352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-06-22 254976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 154112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\run.exe"="C:\Program Files (x86)\GIGABYTE\EnergySaver\run.exe:*:Enabled:update"
"C:\Program Files (x86)\ICQ6.5\ICQ.exe"="C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files (x86)\Winamp Remote\bin\Orb.exe"="C:\Program Files (x86)\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe"="C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"="C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files (x86)\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files (x86)\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\Lobby.exe"="C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\Lobby.exe:*:Enabled:Lobby"
"C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\RBRnet.exe"="C:\Documents and Settings\Administrator\Desktop\rbrnet1.4\RBRnet.exe:*:Enabled:RBRnet"
"C:\Documents and Settings\Administrator\My Documents\ICQ\288000657\ReceivedFiles\360496620 Aleš\RBRnet\RBRnet.exe"="C:\Documents and Settings\Administrator\My Documents\ICQ\288000657\ReceivedFiles\360496620 Aleš\RBRnet\RBRnet.exe:*:Enabled:RBRnet"
"C:\WINDOWS\SysWOW64\dpnsvr.exe"="C:\WINDOWS\SysWOW64\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Documents and Settings\Administrator\Desktop\rbrnet3.0\rbrnet3.0\RBRnet.exe"="C:\Documents and Settings\Administrator\Desktop\rbrnet3.0\rbrnet3.0\RBRnet.exe:*:Enabled:RBRnet"
"C:\ComplexWebServer\apache\bin\Apache.exe"="C:\ComplexWebServer\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files (x86)\Steam\SteamApps\ferda911\race 07\Race_Steam.exe"="C:\Program Files (x86)\Steam\SteamApps\ferda911\race 07\Race_Steam.exe:*:Disabled:RACE 07"
"C:\Documents and Settings\Administrator\Desktop\P1753577.JPG-www.facebook.exe"="C:\Program Files (x86)\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files (x86)\nvsvc32.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files (x86)\ICQ7.2\ICQ.exe"="C:\Program Files (x86)\ICQ7.2\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files (x86)\Vivid WorkshopData ATI\sed.exe"="C:\Program Files (x86)\Vivid WorkshopData ATI\sed.exe:*:Enabled:sed"
"C:\WINDOWS\system32\dmwu.exe"="C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu"
"C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.i420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2013-10-18 21:58:39 ----D---- C:\_OTM
2013-10-18 21:47:50 ----D---- C:\rsit
2013-10-18 21:47:50 ----D---- C:\Program Files\trend micro
2013-10-18 21:18:57 ----D---- C:\AdwCleaner
2013-10-18 20:57:12 ----D---- C:\FRST
2013-10-18 10:45:02 ----A---- C:\WINDOWS\ntbtlog.txt
2013-10-17 19:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Wincert
2013-10-17 19:19:17 ----D---- C:\Documents and Settings\Administrator\Application Data\somotomoviestoolbar1
2013-10-17 19:18:20 ----D---- C:\Documents and Settings\All Users\Application Data\SafetyNut
2013-10-09 10:13:10 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2013-10-02 12:50:06 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2013-09-21 11:22:47 ----D---- C:\Program Files (x86)\SlimDrivers
2013-09-21 11:20:24 ----A---- C:\WINDOWS\system32\drivers\SWDUMon.sys

======List of files/folders modified in the last 1 month======

2013-10-18 22:07:41 ----D---- C:\Program Files (x86)\Steam
2013-10-18 22:07:14 ----D---- C:\WINDOWS\Prefetch
2013-10-18 22:06:46 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-18 22:05:52 ----D---- C:\Documents and Settings\All Users\Application Data\organiser
2013-10-18 22:05:46 ----D---- C:\WINDOWS\Temp
2013-10-18 21:58:54 ----D---- C:\WINDOWS\SysWOW64
2013-10-18 21:58:54 ----D---- C:\WINDOWS
2013-10-18 21:47:50 ----RD---- C:\Program Files
2013-10-18 21:21:10 ----D---- C:\WINDOWS\system32
2013-10-18 21:20:52 ----D---- C:\Program Files (x86)
2013-10-18 21:20:40 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2013-10-17 21:01:54 ----SH---- C:\boot.ini
2013-10-17 20:22:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-10 17:59:32 ----D---- C:\WINDOWS\system32\drivers
2013-10-09 10:13:27 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2013-10-08 22:30:31 ----D---- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2013-10-02 12:50:31 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2013-09-22 09:15:56 ----HD---- C:\WINDOWS\inf
2013-09-21 11:22:49 ----SHD---- C:\WINDOWS\Installer
2013-09-21 11:18:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-21 11:17:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-09-21 11:17:53 ----D---- C:\CIMTEMP
2013-09-19 19:12:32 ----AH---- C:\aaw7boot.cmd
2013-09-19 19:00:02 ----D---- C:\WINDOWS\Debug
2013-09-19 19:00:01 ----D---- C:\WINDOWS\Minidump
2013-09-19 17:47:24 ----SD---- C:\WINDOWS\Tasks
2013-09-19 17:07:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-09-19 17:07:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 65336]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-30 204880]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-11-03 69376]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2007-03-08 52856]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 95744]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-08-30 59144]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 378944]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 64288]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-29 23040]
R1 NetworkX;NetworkX; C:\WINDOWS\syswow64\ckldrv.sys [2006-01-10 31846]
R2 aksdf;aksdf; C:\WINDOWS\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2006-03-29 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2006-03-29 13312]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-06-23 6262272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP6.sys [2012-05-14 151168]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-13 239616]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-29 18944]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS [2013-03-29 7156808]
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-29 49152]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2006-03-29 24192]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\WINDOWS\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-29 19456]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-29 11776]
R3 RTL8023x64;Realtek 10/100/1000 PCI NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtnic64.sys [2006-12-14 128000]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-29 42496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-29 32512]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 23184]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 22024]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 57608]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-02 871408]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 1030952]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys []
S2 Ca1528av;SPCA1528 Video Camera Service; C:\WINDOWS\System32\Drivers\Ca1528av.sys []
S3 Ambfilt64;Ambfilt64; C:\WINDOWS\system32\drivers\Ambft64.sys [2009-11-18 1801304]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-05-17 153104]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 44688]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files (x86)\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 Bulk1528;SPCA1528 Still Camera Service; C:\WINDOWS\System32\Drivers\Bulk1528.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-03-24 24576]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 CX88VID;WinFast CX2388x AvStream Driver; C:\WINDOWS\system32\drivers\cxavsvid.sys [2006-07-21 469888]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-25 33344]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
S3 Monfilt64;Monfilt64; C:\WINDOWS\system32\drivers\Monft64.sys [2009-11-18 1861720]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2006-03-29 23040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-03-24 8064]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-03-24 103680]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-03-29 17408]
S3 nmwcdcx64;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2009-02-09 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2009-02-09 18944]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL39A64.SYS [2005-03-24 59904]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtenic64.sys [2008-06-16 137216]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-03-29 19968]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-03-29 24576]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2013-09-21 16152]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2009-02-09 8192]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-03-24 29696]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2005-03-24 28160]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2006-03-29 42496]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-02-09 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-29 48128]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2005-03-24 33792]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 880864]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 34440]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-01-13 36360]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 15752]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-03-24 29696]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-03-24 24192]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 108544]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2006-03-29 25088]
R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-06-22 892416]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-08 122880]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 FileZilla Server;FileZilla Server; C:\xampp\FileZillaFTP\FileZilla server.exe [2009-12-20 1029776]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [2013-02-15 170912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-26 2152720]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Mercury;Mercury; C:\xampp\xampp_service_mercury.exe [2009-12-20 78480]
R2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-12-20 6095504]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-29 62976]
R2 WorkshopDBService;WorkshopDBService; C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE [2013-03-25 114688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-29 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe []
S2 SafetyNutManager;SafetyNut Manager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-10 655624]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2006-03-29 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-19 118680]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2006-03-29 428032]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2006-03-29 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#13 Příspěvek od **Rudy** » 18 říj 2013 21:13

Dvouklikem na soubor C:\Program Files\trend micro\Administrator.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

štajny · #14 Příspěvek od **štajny** » 18 říj 2013 21:28

Hotovo,a teď

#15 Příspěvek od **Rudy** » 18 říj 2013 21:55

Nastala nějaká změna?

VIRY.CZ

Prosím o kontrolu logu-vir

Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir

Re: Prosím o kontrolu logu-vir