Win32:Bredolab-BR

[max.ua]

Dobrý den.Už několik dni avast mi hlasí rootkity bud' v oper. paměti nebo ve složce WINDOWS.Tak doufam, že to neni až tak smrtelně vážný.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:03, on 29.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
D:\Max\programy\uTorrent\utorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Ńďóňíčę@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 68.178.151.28 view.atdmt.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ńďóňíčę@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Max\programy\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Ďîčńę@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
O8 - Extra context menu item: Ńëîâŕđč@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 15163 bytes

[max.ua]

Tak McAfee odinstalovano ale AVGčku se moc nechce

[max.ua]

AVG odinstalovano.

[max.ua]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-29 12:03:24
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (11%) free of 30 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:34, on 29.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
D:\Max\programy\uTorrent\utorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
D:\RSIT.exe
D:\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Ńďóňíčę@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 68.178.151.28 view.atdmt.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ńďóňíčę@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Max\programy\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Ďîčńę@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
O8 - Extra context menu item: Ńëîâŕđč@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 12710 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-01-12 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2008-12-30 676704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{09900DE8-1DCA-443F-9243-26FF581438AF} - Ńďóňíčę@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2008-12-30 676704]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-01-12 520192]
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe [2006-06-08 385024]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe [2006-06-08 90112]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"MAgent"=C:\Program Files\Mail.Ru\Agent\MAgent.exe [2008-12-30 5598392]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2005-10-28 335872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"PMCS"=C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-06-08 65536]
"uTorrent"=D:\Max\programy\uTorrent\utorrent.exe [2009-03-21 270128]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2009-01-12 26624]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mail.Ru\Agent\magent.exe"="C:\Program Files\Mail.Ru\Agent\magent.exe:*:Disabled:Mail.Ru ?????"
"D:\Hry\Worms 2\frontend.exe"="D:\Hry\Worms 2\frontend.exe:*:Disabled:Worms 2 Frontend"
"D:\Hry\Cossacks II\GSC Game World\Cossacks II\Data\ENGINE.EXE"="D:\Hry\Cossacks II\GSC Game World\Cossacks II\Data\ENGINE.EXE:*:Enabled:Cossacks 2: Napoleonic Wars"
"D:\Max\programy\uTorrent\utorrent.exe"="D:\Max\programy\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Hry\Assasins creed\AssassinsCreed_Dx9.exe"="D:\Hry\Assasins creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\Hry\Assasins creed\AssassinsCreed_Dx10.exe"="D:\Hry\Assasins creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\Hry\Assasins creed\AssassinsCreed_Launcher.exe"="D:\Hry\Assasins creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc54b686-680c-11de-b487-0021856ea19f}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-01-29 12:03:24 ----D---- C:\rsit
2010-01-27 17:39:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-10 10:58:50 ----D---- C:\Program Files\Common Files\Skype
2010-01-10 10:58:43 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 months======

2010-01-29 12:03:20 ----D---- C:\WINDOWS\Prefetch
2010-01-29 12:02:15 ----D---- C:\WINDOWS\Temp
2010-01-29 12:01:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 12:01:33 ----D---- C:\WINDOWS\system32\config
2010-01-29 12:01:23 ----D---- C:\WINDOWS
2010-01-29 12:00:51 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 12:00:22 ----A---- C:\checkrun.txt
2010-01-29 11:59:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-29 11:58:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-01-29 11:31:07 ----RD---- C:\Program Files
2010-01-29 11:30:32 ----D---- C:\Program Files\Common Files
2010-01-29 11:30:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-01-29 11:29:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-01-29 11:29:14 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-01-29 11:27:32 ----D---- C:\WINDOWS\system32
2010-01-29 11:26:07 ----D---- C:\WINDOWS\system32\drivers
2010-01-29 11:25:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVGTOOLBAR
2010-01-29 11:08:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-01-29 11:05:25 ----SD---- C:\WINDOWS\Tasks
2010-01-27 17:41:55 ----D---- C:\WINDOWS\system
2010-01-25 19:16:52 ----D---- C:\Program Files\Video Convert Master
2010-01-22 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-17 17:33:47 ----A---- C:\WINDOWS\hdkctnts.ini
2010-01-16 20:56:46 ----SHD---- C:\WINDOWS\Installer
2010-01-16 20:56:44 ----D---- C:\WINDOWS\WinSxS
2010-01-16 20:47:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-11 22:48:29 ----A---- C:\WINDOWS\TRNCOM.INI
2010-01-10 10:58:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-02 21:49:14 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-16 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-16 18048]
R3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-05-26 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-12-06 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S2 dsgbkrmbyfjhm;dsgbkrmbyfjhm; \??\C:\WINDOWS\system32\drivers\evggdv.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-20 10345]
S3 iMSPQMn;iMSPQMn; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]

-----------------EOF-----------------

[max.ua]

Ten OTL se zřejmě zasekl(neodpovída) u skenování souboru schvost.exe:(

[max.ua]

Nevim jestli jsem to vše udělal spravně ale s tím prvním syntaxem se to zas seklo, pak jsem tam dal pouze
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

a vyjelo mi toto:

OTL logfile created on: 29.1.2010 13:28:24 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 3,38 Gb Free Space | 11,52% Space Free | Partition Type: NTFS
Drive D: | 82,49 Gb Total Space | 10,49 Gb Free Space | 12,72% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.29 12:32:36 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.01.14 21:31:45 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.11.16 16:36:19 | 00,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2009.10.09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009.08.03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009.07.31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.07.31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.03.21 18:32:30 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- D:\Max\programy\uTorrent\utorrent.exe
PRC - [2009.01.12 14:31:57 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
PRC - [2009.01.09 15:54:42 | 02,262,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2008.07.03 16:51:28 | 16,876,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007.05.08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006.11.23 15:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006.06.08 09:42:26 | 00,590,848 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
PRC - [2006.06.08 09:42:20 | 00,065,536 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
PRC - [2006.06.08 09:40:52 | 00,090,112 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2006.01.19 09:22:20 | 00,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2005.10.28 19:08:31 | 00,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005.08.08 05:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005.08.04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005.05.12 00:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005.05.04 00:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2005.04.02 00:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004.08.17 14:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.01.29 12:32:36 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2009.01.12 14:31:58 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\LangSoft\TRNOEH.DLL
MOD - [2004.08.17 14:49:22 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2004.08.17 14:48:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 21:31:44 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.07.31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007.05.08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.04.13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006.01.19 09:22:20 | 00,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005.11.17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.08.08 05:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005.08.05 21:05:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005.08.04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.05.04 00:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005.05.03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.04.02 00:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010.01.16 20:56:47 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.01.16 20:56:46 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.11.25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.09.15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.09.15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.07.03 20:50:09 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.09 15:58:19 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009.03.08 18:09:49 | 00,061,952 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\evggdv.sys -- (dsgbkrmbyfjhm)
DRV - [2009.01.20 18:26:08 | 00,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.06 12:45:52 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2008.07.03 17:03:14 | 04,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.03 15:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.07.01 22:42:58 | 00,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.10.26 21:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005.09.01 11:50:48 | 00,827,008 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.08.04 04:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.05.26 18:48:50 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.04.25 09:43:58 | 00,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005.03.03 18:53:57 | 00,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 16:59:54 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.02.09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005.01.07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.12.03 11:20:41 | 00,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.08.03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.04.30 08:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2001.10.25 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-2052111302-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1606980848-2052111302-682003330-500\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKU\S-1-5-21-1606980848-2052111302-682003330-500\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()
IE - HKU\S-1-5-21-1606980848-2052111302-682003330-500\S-1-5-21-1606980848-2052111302-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.14 21:31:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.14 21:31:58 | 00,000,000 | ---D | M]

[2008.11.01 00:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2009.07.30 16:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\qu0u2ia7.default\extensions
[2010.01.29 13:05:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.14 21:31:49 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.14 21:31:49 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.14 21:31:49 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.14 21:31:49 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.14 21:31:49 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.12.02 18:23:06 | 00,008,643 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 68.178.151.28 view.atdmt.com
O1 - Hosts: 127.0.0.1 www.intuneads.com
O1 - Hosts: 127.0.0.1 www.freemusic123.com
O1 - Hosts: 127.0.0.1 www.cifras.com.br
O1 - Hosts: 127.0.0.1 www.gshome.com
O1 - Hosts: 127.0.0.1 www.all-midi.com
O1 - Hosts: 127.0.0.1 www.directtabs.com
O1 - Hosts: 127.0.0.1 hg1.hitbox.com
O1 - Hosts: 127.0.0.1 ad.harmony-central.com
O1 - Hosts: 127.0.0.1 cdn1.tribalfusion.com
O1 - Hosts: 127.0.0.1 isg01.casalemedia.com
O1 - Hosts: 127.0.0.1 isg02.casalemedia.com
O1 - Hosts: 127.0.0.1 isg03.casalemedia.com
O1 - Hosts: 127.0.0.1 isg04.casalemedia.com
O1 - Hosts: 127.0.0.1 isg05.casalemedia.com
O1 - Hosts: 312 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ńďóňíčę@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKU\S-1-5-21-1606980848-2052111302-682003330-500\..\Toolbar\WebBrowser: (Ńďóňíčę@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [Pinnacle WebUpdater] C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe (Pinnacle Systems)
O4 - HKLM..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1606980848-2052111302-682003330-500..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1606980848-2052111302-682003330-500..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1606980848-2052111302-682003330-500..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE ()
O4 - HKU\S-1-5-21-1606980848-2052111302-682003330-500..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-1606980848-2052111302-682003330-500..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1606980848-2052111302-682003330-500..\Run: [uTorrent] D:\Max\programy\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2052111302-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2052111302-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Ďîčńę@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Ńëîâŕđč@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-2052111302-682003330-500\..Trusted Domains: 54 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.158.128.2 212.158.128.3
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.01 00:24:32 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fc54b686-680c-11de-b487-0021856ea19f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc54b686-680c-11de-b487-0021856ea19f}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (59676032252248064)

========== LOP Check ==========

[2009.03.13 14:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Audacity
[2010.01.29 11:25:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\AVGTOOLBAR
[2009.07.03 21:59:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Cakewalk
[2009.12.05 21:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\EarMaster
[2009.10.18 15:18:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2010.01.29 11:08:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2009.08.06 11:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Inkscape
[2009.11.07 14:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IObit
[2009.01.12 14:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\LangSoft
[2009.06.28 14:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\MAGIX
[2008.12.30 22:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mra
[2008.12.14 21:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Pinnacle Systems
[2009.11.14 17:14:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Simply Super Software
[2009.10.17 13:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ubisoft
[2010.01.29 13:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
[2009.03.13 13:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acoustica
[2009.07.04 13:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Cakewalk
[2008.11.01 09:53:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.12.05 21:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EarMaster
[2009.11.11 21:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.01.12 14:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2009.06.28 14:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MAGIX
[2009.11.28 13:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.11.28 14:01:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2009.11.28 15:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2009.12.29 13:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.10.17 13:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2009.10.17 17:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\LangSoft
[2010.01.28 18:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\SACore
[2010.01.29 12:55:16 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010.01.27 20:17:00 | 00,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7E0EFF7B
< End of report >

[max.ua]

Tady zatím jen log z OTL, protože když jsem spustil gmer.exe, tak po chvilce rychleho skenu se mi restartoval počitač:(

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1606980848-2052111302-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ deleted successfully.
C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1606980848-2052111302-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{83821C2B-32A8-4DD7-B6D4-44309A78E668} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83821C2B-32A8-4DD7-B6D4-44309A78E668}\ deleted successfully.
C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully.
File C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ not found.
File C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1606980848-2052111302-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ not found.
File C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MAgent deleted successfully.
C:\Program Files\Mail.Ru\Agent\magent.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Ďîčńę@Mail.Ru\ deleted successfully.
File C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Ńëîâŕđč@Mail.Ru\ deleted successfully.
File C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7558B7E5-7B26-4201-BEDB-00D5FF534523}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7558B7E5-7B26-4201-BEDB-00D5FF534523}\ not found.
File C:\Program Files\Mail.Ru\Agent\magent.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7558B7E5-7B26-4201-BEDB-00D5FF534523}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7558B7E5-7B26-4201-BEDB-00D5FF534523}\ not found.
File C:\Program Files\Mail.Ru\Agent\magent.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 514171544 bytes
->Temporary Internet Files folder emptied: 59129402 bytes
->Java cache emptied: 3594 bytes
->FireFox cache emptied: 205024584 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 65938 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1683824 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2208792 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1035877 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2174977 bytes
RecycleBin emptied: 16825152 bytes

Total Files Cleaned = 765,00 mb


OTL by OldTimer - Version 3.1.27.0 log created on 01292010_135714

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZV51D1P6\combatsports_martialarts;sz=300x250;klg=cs;kt=K;kga=-1;kr=R;kw=fedor+emelianenko;kgg=-1;kcr=cz;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=1331846740665071[2].2 not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\YH012345\K6TwugO9hni40000ZhcQPB84XPER2fQdmk-7aRdWYBK9atr_0W00=7UliXPK2cmHhK3i1cZ-Ife9s2K5u0W00=U2jWq9K2cmDeJpe1cZ-Ihe9s2K5u0W00=_-U2K9K2cm5kGucixV8Gc4YSeA0l4Pf1ageWMmUTemOc0fa2e9[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\XZJ7TPKE\64WQVCqJKDm40000ZhYVPB84XPER2fQenbQ8aRBSj1WEatr_0W00=sNAK19K2cmHhK3i1ceqZagQ2TWb1UG80=VjbcI9K2cmDeJpe1ceqZagw2TWb1UG80=g-sWh9K2cm5kGucZ5CuJc7ISeA0l4PgDkPAkgiW9dQhDo0EP0g[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SV1JAQB1\D1%81%D1%82%D0%B8%20%D0%9F%D0%B5%D1%80%D0%BC%D0%B8%20%D0%B8%20%D0%9F%D0%B5%D1%80%D0%BC%D1%81%D0%BA%D0%BE%D0%B3%D0%BE%20%D0%BA%D1%80%D0%B0%D1%8F%20-%20PR&site-info=%7B%7D&wmode=1 not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SV1JAQB1\Ed6mz9w1pEe40000Zh2pPB84XPER2fQcms28aR9U1He9atr_0W00=rUBqEPK2cmHhK3i1ceiEagQ2TWb1UG80=Saa6TPK2cmDeJpe1ceiEagw2TWb1UG80=g-sWh9K2cm5kGucZ5CuJc7ISeA0l4PgDkPAkgiW9dQhDo0EP0g[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHYBO1I3\main_11080;sz=300x250;mpvid=AAR6DraZPLrDKVJz;!c=11080;k2=516;ytexp=901802;k3=516;klg=cs;kvid=61oQi-6ERh0;kpu=slowdive626;kr=N;kt=K;ko=y;kpid=11080;kga=-1;u=61oQi-6ERh0_1[1].htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\S1YFG5UN\6uDxkrtfXcq40000Zhm0PR84XPWc2v6zXDl01PDzUW80=hf-cPfK2cmHhK3i1ceiEagQ2TWb1UG80=2JHKAfK2cmDeJpe1ceiEagw2TWb1UG80=Mg7AAvK2cm5kGuclb9m8c2MSgs2qCvgRPyYIfmXW2fsZKO41cGAWa3KCGN[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\S1YFG5UN\main_11080;sz=450x60;mpvid=AAR6DraZPLrDKVJz;!c=11080;k2=516;ytexp=901802;k3=516;klg=cs;kvid=61oQi-6ERh0;kpu=slowdive626;kr=N;kt=K;ko=y;kpid=11080;kga=-1;u=61oQi-6ERh0_11[1].asx not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\ODE3S5U7\0%D1%82%D0%B2%20%D0%BF%D0%BE%D0%B6%D0%B0%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%B5%D1%80%D0%BC%D0%B8%20%D0%B4%D0%BE%D1%81%D1%82%D0%B8%D0%B3%D0%BB%D0%BE%20146-&site-info=%7B%7D&wmode=1 not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTC78NEJ\4jTReY_aVty40000ZhkIPB84XPER2f6beiTAatrv0W00=NVcSiPK2cmHhK3i1ca6Ife9s2K5u0W00=E3aGv9K2cmDeJpe1ca6Ihe9s2K5u0W00=g-sWh9K2cm5kGucZ5CuJc7ISeA0l4PgDkPAkgiW9dQhDo0EP0g2G-HL1VW[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTC78NEJ\music_lyricstabs;sz=300x250;klg=cs;kt=K;kga=-1;kr=F;kw=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D1%81%D0%BA%D0%B8%D0%B5+%D0%BF%D0%B5%D1%81%D0%BD%D0%B8;kgg=-1;kcr=cz;dc_dedup[2] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\LOSN9LSD\main_11588;sz=300x250;mpvid=AAR6DrT-axl2ao-E;!c=11588;k2=516;ytexp=901802;k3=516;klg=cs;kvid=WLCV8yi92nA;kpu=MMAInsightVideo;kr=H;kt=K;ko=c;kpid=11588;kga=-1;kp=1;u=WLCV[1].htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\LOSN9LSD\music;sz=300x250;klg=cs;kt=K;kga=-1;kr=F;kw=%D1%87%D0%B5%D1%80%D0%B2%D0%BE%D0%BD%D0%B0+%D1%80%D1%83%D1%82%D0%B0+2009;kgg=-1;kcr=cz;dc_dedup=1;kmyd=ad_creative_1;tile=1;d[2] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G1IRW1Y3\DoBAgELjB-O40000ZhJ0dx84XPWD2vwUrmcHj4wCOmoJVNu2=eXuX8fK2cm5kGpA9hMK80PXsdAZwbYYQcsV8agFPImgTc0C2cGAWa5C7GNy4=SJOVufK2cm5kGpE9hnKV2fWedAZwbYYQfhuJ1fAWp309dQgiKWEP0g2GuWH[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUKRBH0T\1zoqE8Cl-B840000Zh_Ldx84XPWD2vwUrmcHiDXCK0EJVNu2=eXuX8fK2cm5kGpA9hMK80PXsdAZwbYYQcsV8agFPImgTc0C2cGAWa5C7GNy4=SJOVufK2cm5kGpE9hnKV2fWedAZwbYYQfhuJ1fAWp309dQgiKWEP0g2GuWH[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\EDDYZMXC\He9dkQ_w84G40000Zhz18x84XPER2fQjYqo8aR6Mom06atr_0W00=nisXrPK2cmHhK3i1ceiEagQ2TWb1UG80=OMPJcPK2cmDeJpe1ceiEagw2TWb1UG80=kCBrG9K2cm5kGucZ5CuJc7ISeA0l4PgDkPAkgiW9dQhDo0EP0g[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\DPSYVZ59\main_11080;sz=480x70;mpvid=AAR6DrlQRjltCAQj;!c=11080;k2=516;ytexp=901802;k3=516;klg=cs;kvid=fBX-zVMfG6s;kpu=slowdive626;kr=H;kt=K;ko=y;kpid=11080;kga=-1;kp=1;u=fBX-zVMfG[1].asx not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BJHLSQ6S\main_11080;sz=300x250;mpvid=AAR6DrlQRjltCAQj;!c=11080;k2=516;ytexp=901802;k3=516;klg=cs;kvid=fBX-zVMfG6s;kpu=slowdive626;kr=H;kt=K;ko=y;kpid=11080;kga=-1;kp=1;u=fBX-zVMf[1].htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BJHLSQ6S\MJVKRYHsEsW40000ZhK8dh84XPER2fQb8-E0aRS_1z49atr_0W00=D7S_bPK2cmHhK3i1cesvagQ2TWb1UG80=azpDsPK2cmDeJpe1cesvagw2TWb1UG80=Yod8qvK2cm5kGucGtY-O4folZgW-cgKd306IgCzS0vsJJHgPLw[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\BJHLSQ6S\RuFw917G_IS40000ZheWEx84XPER2f6oRBLN3vDzUW80=wyYq1fK2cmHhK3UQYJ6Ife9s2K5u0W00=BsROvvK2cm5kGucQGXcOI9AeaB88dPNG5u-qoGF019-kWKKTcJEWaDGmGNy4=EKswRPK2cm5kGpA9cp4sc5YIh10b19[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\AYFR9KFJ\NETrE-VwOM040000ZheX9h84XPER2fQenbQ8aR2_TQW6atr_0W00=qaAQ8fK2cmHhK3i1cf3oDfAcWdO9GNe2=4K2hq9K2cmDeJpe1cf3oDfAkWdO9GNe2=NJ4OSPK2cm5kGucRD1sOI9oWe2yHcfD0BfAZWdmAdP5M-9a2e9[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VRBAW9T\FFt0IJQW6Xq40000Zha-8x84XPER2fQdmk-7aRYXhNC7atr_0W00=1aGpHfK2cmHhK3i1cfxo0PAcWdO9GNe2=nKO2j9K2cmDeJpe1cfxo0PAkWdO9GNe2=kCBrG9K2cm5kGucZ5CuJc7ISeA0l4PgDkPAkgiW9dQhDo0EP0g[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8RSB3V5F\default;sz=300x250;klg=cs;kt=K;kga=-1;kr=F;kw=%D1%87%D0%B5%D1%80%D0%B2%D0%BE%D0%BD%D0%B0+%D0%BA%D0%B0%D0%BB%D0%B8%D0%BD%D0%B0;kgg=-1;kcr=cz;dc_dedup=1;kmyd=ad_creative_1;t[2].4 not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8RSB3V5F\music;sz=300x250;klg=cs;kt=K;kga=-1;kr=F;kw=%D1%87%D0%B5%D1%80%D0%B2%D0%BE%D0%BD%D0%B0+%D1%80%D1%83%D1%82%D0%B0;kgg=-1;kcr=cz;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=[2] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LEN0HEN\4i6ZHow_MBu40000Zhur8x84XPER2f6yO-7l0PDzUW80=JjR9NPK2cmHhK3i1ca6Ife9s2K5u0W00=AnP529K2cmDeJpe1ca6Ihe9s2K5u0W00=kCBrG9K2cm5kGucZ5CuJc7ISeA0l4PgDkPAkgiW9dQhDo0EP0g2G-HL1VW[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LEN0HEN\5gpzOLdFMMi40000Zh3wPB84XOkzaRnPWL88atrv0W00=9eJExfK2cmHhK3i1ca6Ife9s2K5u0W00=GqH2kvK2cmDeJpe1ca6Ihe9s2K5u0W00=1NHsCPK2cm5kGucJ7CsO1voiK0XkcfTO0fAcBqe4dPk93va2e93zkq5z10[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8H6BGXM7\main_11080;sz=480x70;mpvid=AAR6DraZPLrDKVJz;!c=11080;k2=516;ytexp=901802;k3=516;klg=cs;kvid=61oQi-6ERh0;kpu=slowdive626;kr=N;kt=K;ko=y;kpid=11080;kga=-1;u=61oQi-6ERh0_11[1].asx not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2QM11TGE\0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%20%D0%9F%D0%B5%D1%80%D0%BC%D0%B8%20%D0%B8%20%D0%9F%D0%B5%D1%80%D0%BC%D1%81%D0%BA%D0%BE%D0%B3%D0%BE%20%D0%BA%D1%80%D0%B0%D1%8F%20-%20PR&wmode=1 not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2QM11TGE\main_11588;sz=450x60;mpvid=AAR6DrT-axl2ao-E;!c=11588;k2=516;ytexp=901802;k3=516;klg=cs;kvid=WLCV8yi92nA;kpu=MMAInsightVideo;kr=H;kt=K;ko=c;kpid=11588;kga=-1;kp=1;u=WLCV8[1].asx not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1WXPJDP7\0%2F%20%D0%9F%D0%B5%D1%80%D1%81%D0%BE%D0%BD%D0%B0%D0%BB%20%D0%A1%D0%B0%D1%8F%D0%BD%D0%BE-%D0%A8%D1%83%D1%88%D0%B5%D0%BD%D1%81%D0%BA%D0%BE%D0%B9%20%D0%93&site-info=%7B%7D&wmode=1 not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1WXPJDP7\main_11588;sz=480x70;mpvid=AAR6DrT-axl2ao-E;!c=11588;k2=516;ytexp=901802;k3=516;klg=cs;kvid=WLCV8yi92nA;kpu=MMAInsightVideo;kr=H;kt=K;ko=c;kpid=11588;kga=-1;kp=1;u=WLCV8[1].asx not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1WXPJDP7\QDvbEy_e_o040000ZhL-dh84XPER2fQcfgM8aRjibiqBatr_0W00=YiXujfK2cmHhK3i1cea9agQ2TWb1UG80=BMEA-fK2cmDeJpe1cea9agw2TWb1UG80=BwJQCfK2cm5kGucfTqa1c4YSgqoHs9g36fAf7NCAdQ4FGWIP1g[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1DTMF3PQ\GHqf9Bsq48G40000ZhVAdx84XPWD2vwUrmcMgi_TZP6y0vt31vDzUmC0=bzk4afK2cm5kGpA9eOSc1vX2dAM_Y_6QbdOOaglav06TfPTv0fbNe90-IK5u1G00=VKm1u9K2cm5kGpE9fNFS1PW7agNwf0MTf5Ku0e-omavg2P-[1] not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1DTMF3PQ\main_11080;sz=450x60;mpvid=AAR6DrlQRjltCAQj;!c=11080;k2=516;ytexp=901802;k3=516;klg=cs;kvid=fBX-zVMfG6s;kpu=slowdive626;kr=H;kt=K;ko=y;kpid=11080;kga=-1;kp=1;u=fBX-zVMfG[1].asx not found!
C:\WINDOWS\temp\Perflib_Perfdata_614.dat moved successfully.

Registry entries deleted on Reboot...

[max.ua]

V novzovem režimu mi to hodilo chybu.a pak se objevilo okenko:
drwtsn32.exe - Vstupní bod nebyl nalezen
"Vstupní bod procedury SymSetSymWithAddr64 se nepodařilo v dynamicky propojované knihovně DBGHELP.dll nelézt."

[max.ua]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3657
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

29.1.2010 15:49:59
mbam-log-2010-01-29 (15-49-53).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 250905
Uplynulý čas: 50 minute(s), 48 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 7
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované adresáře: 1
Infikované soubory: 18

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fffc57db-1de3-4303-b24d-cee6dcdd3d86} (Adware.MyCentria) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (c:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infikované adresáře:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Administrator\itsManyOn.exe (Malware.Packer.Gen) -> No action taken.
C:\SDFix\dummy.sys (Malware.Trace) -> No action taken.
C:\SDFix\apps\dummy.sys (Malware.Trace) -> No action taken.
D:\Max\programy\Alkohol\Alcohol 120% v1.9.5.3105 Retail + Offline KeyGen\keygen.exe (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{09048A1B-0EBD-481B-853C-5334E132AA4B}\RP29\A0008964.dll (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(2)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(3)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(4)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(5)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(6)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(7)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(8)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user(9)(2).ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> No action taken.

[max.ua]

Myslim, že ten program mi někdo doporučil tady na foru ale to už je rok zpatky
Nicmeně po odstranění souboru mi naskočilo okno s tím, že některé soubory nejdou vymazat:(...mám to ignorovat a restartovat?

[max.ua]

Restartovano.

[max.ua]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-29 16:26:53
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (14%) free of 30 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:01, on 29.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
D:\Max\programy\uTorrent\utorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
D:\RSIT.exe
D:\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Max\programy\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10528 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-01-12 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-01-12 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe [2006-06-08 385024]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe [2006-06-08 90112]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2005-10-28 335872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"PMCS"=C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-06-08 65536]
"uTorrent"=D:\Max\programy\uTorrent\utorrent.exe [2009-03-21 270128]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2009-01-12 26624]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mail.Ru\Agent\magent.exe"="C:\Program Files\Mail.Ru\Agent\magent.exe:*:Disabled:Mail.Ru ?????"
"D:\Hry\Worms 2\frontend.exe"="D:\Hry\Worms 2\frontend.exe:*:Disabled:Worms 2 Frontend"
"D:\Hry\Cossacks II\GSC Game World\Cossacks II\Data\ENGINE.EXE"="D:\Hry\Cossacks II\GSC Game World\Cossacks II\Data\ENGINE.EXE:*:Enabled:Cossacks 2: Napoleonic Wars"
"D:\Max\programy\uTorrent\utorrent.exe"="D:\Max\programy\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Hry\Assasins creed\AssassinsCreed_Dx9.exe"="D:\Hry\Assasins creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\Hry\Assasins creed\AssassinsCreed_Dx10.exe"="D:\Hry\Assasins creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\Hry\Assasins creed\AssassinsCreed_Launcher.exe"="D:\Hry\Assasins creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc54b686-680c-11de-b487-0021856ea19f}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-01-29 16:16:07 ----D---- C:\Avenger
2010-01-29 14:43:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-01-29 14:43:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-29 14:43:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-29 13:57:14 ----D---- C:\_OTL
2010-01-29 12:03:24 ----D---- C:\rsit
2010-01-27 17:39:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-10 10:58:50 ----D---- C:\Program Files\Common Files\Skype
2010-01-10 10:58:43 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 months======

2010-01-29 16:27:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-01-29 16:19:08 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 16:18:26 ----D---- C:\WINDOWS\Prefetch
2010-01-29 16:18:19 ----D---- C:\WINDOWS\Temp
2010-01-29 16:17:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 16:17:45 ----D---- C:\WINDOWS
2010-01-29 16:17:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-01-29 16:16:58 ----A---- C:\checkrun.txt
2010-01-29 16:16:16 ----D---- C:\WINDOWS\system32
2010-01-29 16:16:07 ----D---- C:\WINDOWS\WinSxS
2010-01-29 16:16:07 ----D---- C:\WINDOWS\system32\drivers
2010-01-29 16:15:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-29 16:00:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-01-29 15:55:18 ----D---- C:\SDFix
2010-01-29 14:43:12 ----RD---- C:\Program Files
2010-01-29 14:27:40 ----SHD---- C:\WINDOWS\CSC
2010-01-29 12:01:33 ----D---- C:\WINDOWS\system32\config
2010-01-29 11:30:32 ----D---- C:\Program Files\Common Files
2010-01-29 11:30:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-01-29 11:25:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVGTOOLBAR
2010-01-29 11:08:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-01-29 11:05:25 ----SD---- C:\WINDOWS\Tasks
2010-01-27 17:41:55 ----D---- C:\WINDOWS\system
2010-01-25 19:16:52 ----D---- C:\Program Files\Video Convert Master
2010-01-22 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-17 17:33:47 ----A---- C:\WINDOWS\hdkctnts.ini
2010-01-16 20:56:46 ----SHD---- C:\WINDOWS\Installer
2010-01-16 20:47:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-11 22:48:29 ----A---- C:\WINDOWS\TRNCOM.INI
2010-01-10 10:58:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-02 21:49:14 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-16 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-16 18048]
R3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-05-26 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-12-06 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S2 dsgbkrmbyfjhm;dsgbkrmbyfjhm; \??\C:\WINDOWS\system32\drivers\evggdv.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-20 10345]
S3 iMSPQMn;iMSPQMn; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]

-----------------EOF-----------------

[max.ua]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 664
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 712
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 740
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 804
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 972
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1164
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1256
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1360
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1488
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1552
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1700
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1808
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.exe
PID: 1860
Hidden: No
Window Visible: No

Name: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PID: 1876
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PID: 1884
Hidden: No
Window Visible: No

Name: C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PID: 1944
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\Program Files\Picasa2\PicasaMediaDetector.exe
PID: 1968
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2012
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 2020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 268
Hidden: No
Window Visible: No

Name: C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
PID: 276
Hidden: No
Window Visible: No

Name: D:\Max\programy\uTorrent\utorrent.exe
PID: 336
Hidden: No
Window Visible: No

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 356
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
PID: 364
Hidden: No
Window Visible: No

Name: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PID: 384
Hidden: No
Window Visible: No

Name: C:\Program Files\ICQ6.5\ICQ.exe
PID: 464
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Skype\Phone\Skype.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PID: 332
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1688
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Plugin Manager\skypePM.exe
PID: 2468
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 2604
Hidden: No
Window Visible: No

Name: C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PID: 2652
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2872
Hidden: No
Window Visible: No

Name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PID: 2912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wdfmgr.exe
PID: 2960
Hidden: No
Window Visible: No

Name: C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PID: 3236
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 3704
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 3988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2752
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2168
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 3268
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PID: 3788
Hidden: No
Window Visible: Yes

Name: C:\Documents and Settings\Administrator\Plocha\SysProt\SysProt.exe
PID: 1312
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Administrator\Plocha\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A2D3D000
Module End: A2D48000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E2000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E2000
Module End: 80702D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BADA8000
Module End: BADAA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BACB8000
Module End: BACBB000
Hidden: No

Module Name: ygvujsr.sys
Service Name: sr
Module Base: BA8A8000
Module End: BA8B6000
Hidden: Yes

Module Name: spaf.sys
Service Name: ---
Module Base: BA6A7000
Module End: BA7A7000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: BADAA000
Module End: BADAC000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: BA68F000
Module End: BA6A7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Vax347b.sys
Service Name: Vax347b
Module Base: BA668000
Module End: BA68F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: BA63A000
Module End: BA668000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: BA629000
Module End: BA63A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA8B8000
Module End: BA8C1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BAE70000
Module End: BAE71000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BAB28000
Module End: BAB2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA8C8000
Module End: BA8D3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: BA60A000
Module End: BA629000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BADAC000
Module End: BADAE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: BA5E4000
Module End: BA60A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BAB30000
Module End: BAB35000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfsync02.sys
Service Name: sfsync02
Module Base: BAB38000
Module End: BAB3E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA8D8000
Module End: BA8E5000
Hidden: No

Module Name:
Service Name: ---
Module Base: BA5CC000
Module End: BA5E4000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\Vax347s.sys
Service Name: Vax347s
Module Base: BADAE000
Module End: BADB0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA8E8000
Module End: BA8F1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA8F8000
Module End: BA905000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: BA5AD000
Module End: BA5CC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: ---
Module Base: BA59B000
Module End: BA5AD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BAB40000
Module End: BAB45000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: BA584000
Module End: BA59B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: BA4F7000
Module End: BA584000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: BA4CA000
Module End: BA4F7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfhlp02.sys
Service Name: sfhlp02
Module Base: BAB48000
Module End: BAB50000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfdrv01.sys
Service Name: sfdrv01
Module Base: BA4B9000
Module End: BA4CA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: BA49E000
Module End: BA4B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: BAAB8000
Module End: BAAC8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: BAC98000
Module End: BAC9F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: BAAC8000
Module End: BAAD5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BACA0000
Module End: BACA6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: BACA8000
Module End: BACAD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B986A000
Module End: B988D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BACB0000
Module End: BACB7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9845000
Module End: B986A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
Service Name: 3xHybrid
Module Base: B977B000
Module End: B9845000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B9758000
Module End: B977B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\BdaSup.SYS
Service Name: ---
Module Base: BAD8C000
Module End: BAD8F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BAAF8000
Module End: BAB03000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ASAPIW2K.sys
Service Name: ASAPIW2K
Module Base: BAB58000
Module End: BAB60000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BAB08000
Module End: BAB15000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BAB18000
Module End: BAB27000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Service Name: RTLE8023xp
Module Base: B973E000
Module End: B9758000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: B95F9000
Module End: B973E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B95E5000
Module End: B95F9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BAFA2000
Module End: BAFA3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BA928000
Module End: BA935000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BAD94000
Module End: BAD97000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B95CE000
Module End: B95E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BA938000
Module End: BA943000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BA948000
Module End: BA954000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BAB60000
Module End: BAB65000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B95BD000
Module End: B95CE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BA958000
Module End: BA961000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BAB98000
Module End: BAB9D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BABA0000
Module End: BABA5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Pcouffin.sys
Service Name: Pcouffin
Module Base: BA968000
Module End: BA974000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B958C000
Module End: B95BD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BA978000
Module End: BA982000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BABA8000
Module End: BABAE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BAE18000
Module End: BAE1A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B9558000
Module End: B958C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA472000
Module End: BA476000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BA988000
Module End: BA992000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA9D8000
Module End: BA9E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BAE28000
Module End: BAE2A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: A779C000
Module End: A7C4C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: A7729000
Module End: A774B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA9A8000
Module End: BA9B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: A7620000
Module End: A7625000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: A2EB5000
Module End: A2EB8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: A54E3000
Module End: A54EC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: A2E7F000
Module End: A2E86000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: A4A09000
Module End: A4A0B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: A2DAB000
Module End: A2DAC000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: A2E6F000
Module End: A2E75000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: A4A05000
Module End: A4A07000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: A4A03000
Module End: A4A05000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: A2E67000
Module End: A2E6F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: A2E5F000
Module End: A2E64000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: A2E57000
Module End: A2E5F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: A2EA9000
Module End: A2EAC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: A2B72000
Module End: A2B85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: A2B1A000
Module End: A2B72000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: A54D3000
Module End: A54DD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: A2AD8000
Module End: A2AF9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B98DD000
Module End: B98E6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: A2AB0000
Module End: A2AD8000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: A2A8E000
Module End: A2AB0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: A4D56000
Module End: A4D5F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: A2A62000
Module End: A2A8E000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\pclepci.sys
Service Name: PCLEPCI
Module Base: A2DFF000
Module End: A2E03000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: A29F3000
Module End: A2A62000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: A2D6D000
Module End: A2D76000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A2DEB000
Module End: A2DEE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 9E67C000
Module End: 9E680000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: 9C60D000
Module End: 9C62E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: 9DAE4000
Module End: 9DAE9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: 9D9BB000
Module End: 9D9CB000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: 9DABC000
Module End: 9DAC1000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 9D1EA000
Module End: 9D1ED000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: A8018000
Module End: A8019000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: 9DAA4000
Module End: 9DAAC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A76AC000
Module End: A76B0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: 9A5F7000
Module End: 9A60D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MSPQM.sys
Service Name: MSPQM
Module Base: BADF4000
Module End: BADF6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: 9A222000
Module End: 9A237000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A7141000
Module End: A7150000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Service Name: atksgt
Module Base: 99E74000
Module End: 99EB7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Service Name: lirsgt
Module Base: 9CF68000
Module End: 9CF6D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: 99E21000
Module End: 99E74000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: 99CC2000
Module End: 99CEA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: 996F2000
Module End: 99733000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: 99CA6000
Module End: 99CAA000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
Service Name: MBAMSwissArmy
Module Base: A7668000
Module End: A7670000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: 9C6156B8
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey
Address: 9C615574
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreatePagingFile
Address: BA669C70
Driver Base: BA668000
Driver End: BA68F000
Driver Name: Vax347b.sys

Function Name: ZwDeleteValueKey
Address: 9C615A52
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject
Address: 9C61514C
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwEnumerateKey
Address: BA66A4FE
Driver Base: BA668000
Driver End: BA68F000
Driver Name: Vax347b.sys

Function Name: ZwEnumerateValueKey
Address: BA675D50
Driver Base: BA668000
Driver End: BA68F000
Driver Name: Vax347b.sys

Function Name: ZwOpenKey
Address: 9C61564E
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess
Address: 9C61508C
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: 9C6150F0
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: BA66A51E
Driver Base: BA668000
Driver End: BA68F000
Driver Name: Vax347b.sys

Function Name: ZwQueryValueKey
Address: 9C61576E
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: 9C61572E
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetSystemPowerState
Address: BA6754F0
Driver Base: BA668000
Driver End: BA68F000
Driver Name: Vax347b.sys

Function Name: ZwSetValueKey
Address: 9C6158AE
Driver Base: 9C60D000
Driver End: 9C62E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module:
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_READ
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_POWER
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8A1CD290
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A5CD1F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: BA6A8000
Hooking Module: spaf.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A24E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A24E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A24E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A24E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A24E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A24E1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_CREATE
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_CLOSE
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_READ
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_WRITE
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SET_EA
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_CLEANUP
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_POWER
Jump To: BA6AFE1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: BA6C4514
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: \Driver\PCI_PNP6622
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: BA6EBB1C
Hooking Module: spaf.sys

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A55D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\Vax347s.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8A16BD08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A185500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A185500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A185500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A185500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A185500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8A1CF298
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A2491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A2491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A2491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A2491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A2491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A2491F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: MAX:1208
Remote Address: HB-IN-F138.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: MAX:1205
Remote Address: 209.17.69.20:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: MAX:1033
Remote Address: R6CU132.NET.UPC.CZ:28580
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: MAX:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: MAX:26000
Remote Address: LOCALHOST:1061
Type: TCP
Process: C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
State: ESTABLISHED

Local Address: MAX:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: MAX:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: MAX:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: MAX:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: MAX:5152
Remote Address: LOCALHOST:1064
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: MAX:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: MAX:1066
Remote Address: LOCALHOST:1065
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: MAX:1065
Remote Address: LOCALHOST:1066
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: MAX:1063
Remote Address: LOCALHOST:1062
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: MAX:1062
Remote Address: LOCALHOST:1063
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: MAX:1061
Remote Address: LOCALHOST:26000
Type: TCP
Process: C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
State: ESTABLISHED

Local Address: MAX:1052
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: MAX:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
State: LISTENING

Local Address: MAX:56105
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Max\programy\uTorrent\utorrent.exe
State: LISTENING

Local Address: MAX:27108
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: MAX:26000
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
State: LISTENING

Local Address: MAX:3261
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
State: LISTENING

Local Address: MAX:3260
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
State: LISTENING

Local Address: MAX:MS-SQL-S
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
State: LISTENING

Local Address: MAX:1060
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
State: LISTENING

Local Address: MAX:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: MAX:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: MAX:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: MAX:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: MAX:1900
Remote Address: NA
Type: UDP
Process: D:\Max\programy\uTorrent\utorrent.exe
State: NA

Local Address: MAX:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: MAX:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: MAX:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:1032
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: MAX:1031
Remote Address: NA
Type: UDP
Process: C:\Program Files\ICQ6.5\ICQ.exe
State: NA

Local Address: MAX:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:56105
Remote Address: NA
Type: UDP
Process: D:\Max\programy\uTorrent\utorrent.exe
State: NA

Local Address: MAX:27108
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: MAX:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
State: NA

Local Address: MAX:1088
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:1067
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:1027
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: MAX:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: MAX:HTTPS
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{DE1C2D00-37FE-4033-A872-EC96583209A5}
Status: Access denied

[max.ua]

Tak ahoj.A díky za spolupraci

[max.ua]

Ahoj,
no ještě včera večer mi našel asi 2 trojany ale už si nepamatuji kde přesně byly.Zkusim to spustit ještě jednou.