antimalware doctor

Zpráva

kolarz · #1 Příspěvek od **kolarz** » 19 črc 2010 18:34

ahoj ,

mohol by mi niekto pomoct odstranit program "antimalware doctor". skusal som ccl cleaner aj uninstal cez control pannell a aj v safe mode. nejde to a ta kurva sa furt objavi na obrazovke ked ju skusam odinstalovat. same sa vyhadzuju okna ze si ju mam objednat. dakujem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:52 PM, on 7/19/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F\070700Setup.exe
C:\Program Files (x86)\IOI\ButtonMonitor.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\chocholousek\Desktop\chocholousek.exe
C:\Users\chocholousek\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GT5694
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GT5694
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GT5694
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [EPSON WorkForce 310 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE /FU "C:\Windows\TEMP\E_S35AF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [070700Setup.exe] C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F\070700Setup.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12323 bytes

#2 Příspěvek od **eda** » 19 črc 2010 18:45

Ahooooooooj!

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

kolarz · #3 Příspěvek od **kolarz** » 19 črc 2010 18:55

stiahol som a dal bezat ako admin a vyhodilo hlasku error win32 only. incompatible os. ze len s xp a 2000.

#4 Příspěvek od **eda** » 19 črc 2010 18:57

No, co už.

Klikněte na MBAM v mém podpise, proveďte scan (zatím stačí rychlý) a zkopírujte sem log.

kolarz · #5 Příspěvek od **kolarz** » 19 črc 2010 19:18

som skusal fcera uz mbam. som spravil aj teraz mbam a asi ho uz vymazalo. som ho(antimalware doctor) skusal hladat v unninstal a uz tam neni. asi je fuc. posielam log zo fcera a dneska.

mbam zo fcerajska:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/18/2010 11:35:00 PM
mbam-log-2010-07-18 (23-35-00).txt

Typ skenu: Rychlý sken
Skenované objekty: 118974
Uplynulý èas: 7 minuta(y), 37 sekunda(y)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 4
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe registru:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
C:\Users\chocholousek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chocholousek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chocholousek\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chocholousek\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

tu je mbam sken s tedka:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/19/2010 2:08:02 PM
mbam-log-2010-07-19 (14-08-02).txt

Typ skenu: Rychlý sken
Skenované objekty: 119348
Uplynulý èas: 5 minuta(y), 45 sekunda(y)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe registru:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištìny)

#6 Příspěvek od **eda** » 19 črc 2010 19:41

pokud jste tak neučinil, restartujte počítač a vložte mi sem log z RSIT:

http://www.viry.cz/forum/viewtopic.php?f=24&t=81939

Ještě to radši omrkneme důkladněji.

kolarz · #7 Příspěvek od **kolarz** » 19 črc 2010 19:45

dal som restart. hned prve sa mi objavilo okno s antimalware doctor. som pozrel na unninstal a zas je tam. tu je rsit log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by chocholousek at 2010-07-19 14:43:47
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 397 GB (67%) free of 595 GB
Total RAM: 3838 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:54 PM, on 7/19/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F\070700Setup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files (x86)\IOI\ButtonMonitor.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\chocholousek.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GT5694
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GT5694
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GT5694
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [EPSON WorkForce 310 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE /FU "C:\Windows\TEMP\E_S35AF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [070700Setup.exe] C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F\070700Setup.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12691 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
Ati2evxx.exe -Client
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {5F34292E-65A9-4AFE-8FD3-49FF7AFDCF5A}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
taskeng.exe {0177DE92-1986-4B9C-856D-3F3B42A16532}
"C:\WINDOWS\RAVCpl64.exe"
"C:\WINDOWS\PixArt\Pac207\Monitor.exe"
"C:\WINDOWS\ehome\ehtray.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
taskeng.exe {A8E45023-BED0-4CFC-ACAB-34D1CAA9BBBA}
"C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F\070700Setup.exe"
"C:\Program Files\BigFix\bigfix.exe" /atstartup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\IOI\ButtonMonitor.exe"
"C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
"C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe" -quickstart
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
explorer.exe
"C:\Program Files (x86)\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3120 CREDAT:79873
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
ArcCon.ac 262972
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3120 CREDAT:79876
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_s-1-5-21-629790340-2203984787-2984424807-10003_ Global\UsGthrCtrlFltPipeMssGthrPipe_s-1-5-21-629790340-2203984787-2984424807-10003 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 636 640 648 65536 644
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\chocholousek\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe" -Embedding

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [2010-05-25 322104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-13 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-25 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 160056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-03-16 5453824]
"Skytel"=C:\Windows\Skytel.exe [2008-03-16 1826816]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]
"EPSON WorkForce 310 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE [2008-11-17 223232]
"Power2GoExpress"=C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2006-11-23 2469888]
"Skype"=C:\Program Files (x86)\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-28 39408]
"070700Setup.exe"=C:\User [2008-09-30 2]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ButtonMonitor"=C:\Program Files (x86)\IOI\ButtonMonitor.exe [2008-03-16 53248]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-07-13 292128]
"EEventManager"=C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [2009-01-12 669520]
"FUFAXSTM"=C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [2009-02-06 843776]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-07-03 64000]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2010-06-13 202256]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe

C:\Users\chocholousek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-19 14:43:47 ----D---- C:\Program Files\trend micro
2010-07-19 13:56:41 ----D---- C:\32788R22FWJFW
2010-07-19 13:24:55 ----SHD---- C:\Windows\system32\%APPDATA%
2010-07-19 13:05:00 ----A---- C:\Windows\ntbtlog.txt
2010-07-18 23:18:53 ----D---- C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F
2010-07-12 20:16:48 ----D---- C:\Users\chocholousek\AppData\Roaming\Media Player Classic
2010-07-12 20:15:53 ----A---- C:\Windows\SYSWOW64\unrar.dll
2010-07-12 20:15:53 ----A---- C:\Windows\avisplitter.ini
2010-07-12 20:15:50 ----A---- C:\Windows\SYSWOW64\yv12vfw.dll
2010-07-12 20:15:49 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2010-07-12 20:15:49 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2010-07-12 20:15:48 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll.manifest
2010-07-12 20:15:48 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2010-07-12 20:15:44 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2010-07-08 21:43:26 ----D---- C:\Program Files (x86)\Nero
2010-06-24 03:03:11 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2010-06-24 03:03:11 ----A---- C:\Windows\system32\psisdecd.dll
2010-06-24 03:03:07 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2010-06-24 03:03:06 ----A---- C:\Windows\system32\EncDec.dll
2010-06-24 03:02:59 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2010-06-24 03:02:59 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2010-06-24 03:02:58 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2010-06-24 03:02:58 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2010-06-24 03:02:58 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2010-06-24 03:02:58 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 03:02:58 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 03:02:58 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 03:02:57 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 03:02:57 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 18:07:43 ----A---- C:\Windows\SYSWOW64\Apphlpdm.dll
2010-06-23 18:07:41 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 18:07:40 ----A---- C:\Windows\SYSWOW64\GameUXLegacyGDFs.dll
2010-06-23 18:07:39 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

======List of files/folders modified in the last 1 months======

2010-07-19 14:43:53 ----D---- C:\Windows\Temp
2010-07-19 14:43:47 ----RD---- C:\Program Files
2010-07-19 14:39:46 ----D---- C:\Users\chocholousek\AppData\Roaming\OpenOffice.org2
2010-07-19 13:52:19 ----D---- C:\Windows\Prefetch
2010-07-19 13:24:55 ----D---- C:\Windows\System32
2010-07-19 13:18:36 ----D---- C:\Windows\inf
2010-07-19 13:18:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-19 13:07:30 ----D---- C:\Windows\Tasks
2010-07-19 13:05:00 ----D---- C:\WINDOWS
2010-07-19 12:13:52 ----SHD---- C:\System Volume Information
2010-07-19 03:05:55 ----SHD---- C:\Windows\Installer
2010-07-18 23:24:53 ----A---- C:\mbam-error.txt
2010-07-18 23:24:52 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-07-18 23:24:49 ----D---- C:\Windows\SYSWOW64\drivers
2010-07-14 03:20:40 ----D---- C:\Windows\winsxs
2010-07-14 03:05:15 ----D---- C:\Windows\system32\catroot
2010-07-14 03:05:10 ----D---- C:\Program Files\Windows Mail
2010-07-14 03:05:10 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-12 20:15:53 ----D---- C:\Windows\SysWOW64
2010-07-12 20:15:44 ----RD---- C:\Program Files (x86)
2010-07-10 01:40:13 ----D---- C:\Windows\system32\catroot2
2010-07-08 22:48:27 ----D---- C:\Users\chocholousek\AppData\Roaming\Nero
2010-07-08 21:43:57 ----D---- C:\ProgramData\Nero
2010-07-08 21:43:05 ----D---- C:\Program Files (x86)\Common Files
2010-07-08 20:51:38 ----D---- C:\ProgramData\DVD Shrink
2010-07-04 21:13:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-07-02 16:18:43 ----A---- C:\Windows\system32\mrt.exe
2010-06-29 18:38:03 ----D---- C:\Windows\system32\drivers
2010-06-29 18:38:01 ----D---- C:\Windows\system32\drivers\UMDF
2010-06-28 22:59:59 ----D---- C:\Program Files\Microsoft Security Essentials
2010-06-27 09:39:16 ----SD---- C:\Users\chocholousek\AppData\Roaming\Microsoft
2010-06-26 03:29:55 ----D---- C:\Windows\Microsoft.NET
2010-06-26 03:29:54 ----RSD---- C:\Windows\assembly
2010-06-26 03:07:39 ----D---- C:\Windows\SYSWOW64\en-US
2010-06-26 03:07:39 ----D---- C:\Windows\system32\en-US
2010-06-26 03:07:24 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-06-24 03:23:11 ----D---- C:\Windows\ehome
2010-06-24 03:23:11 ----D---- C:\Windows\AppPatch
2010-06-21 10:39:29 ----D---- C:\Users\chocholousek\AppData\Roaming\Skype
2010-06-21 10:35:33 ----D---- C:\Users\chocholousek\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-11-07 16656]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-24 27216]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-24 89680]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-24 53840]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-12-02 173984]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 22096]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 65616]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-03-16 17024]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2008-03-16 9728]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 4238336]
R3 CAXHWBS2;CAXHWBS2; C:\Windows\system32\DRIVERS\CAXHWBS2.sys [2008-03-16 403968]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2008-03-16 1513472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-03-16 1324696]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 40832]
R3 PAC207;Webcam 1200; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 677376]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2008-02-27 174496]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2008-03-16 340000]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR64.SYS [2008-02-16 62976]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2008-03-16 731648]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-12-28 391680]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys [2008-01-20 214016]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2006-10-06 550912]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 4238336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 46080]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 108544]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 111104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 852480]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2008-03-16 410624]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 136176]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17416]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-01-29 165416]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-28 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

-----------------EOF-----------------

#8 Příspěvek od **eda** » 19 črc 2010 20:54

Dle tohoto návodu stáhněte OTM:
http://www.viry.cz/forum/viewtopic.php?f=15&t=72743

Do levého okna zkopírujte tento script:

Kód: Vybrat vše

:processes
explorer.exe
070700Setup.exe

:files
C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F

:reg
[HKLM\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=
[HKLM\Software\Microsoft\Internet Explorer\Main]
"Start Page"=
[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"070700Setup.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

klik na cervene tlacitko Moveit!
Nasledne vlozite do Fora obsah zeleneho okna
Ak obdrzite hlasku na restart systemu suhlasite YES. Log potom najdete tu C:\_OTM\MovedFiles
ktoru vlozite do Fora

kolarz · #9 Příspěvek od **kolarz** » 19 črc 2010 21:20

tvoj link ma hodil na prehled tematu. ale mam to. tu je hlaska s otm:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named 070700Setup.exe was found!
========== FILES ==========
C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F folder moved successfully.
========== REGISTRY ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\070700Setup.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chocholousek

kolarz · #10 Příspěvek od **kolarz** » 19 črc 2010 21:40

sorry to este nebolo u konca. tu je log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named 070700Setup.exe was found!
========== FILES ==========
C:\Users\chocholousek\AppData\Roaming\AA6520D34D37A1D93E6CE3B6A01B4E8F folder moved successfully.
========== REGISTRY ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\070700Setup.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chocholousek
->Temp folder emptied: 3724397178 bytes
->Temporary Internet Files folder emptied: 632829629 bytes
->Java cache emptied: 1618100 bytes
->FireFox cache emptied: 50658022 bytes
->Google Chrome cache emptied: 83706181 bytes
->Flash cache emptied: 40537 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18195478 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 424915 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8253444581 bytes

Total Files Cleaned = 12,174.00 mb

OTM by OldTimer - Version 3.1.15.0 log created on 07192010_161704

Files moved on Reboot...
File C:\Users\chocholousek\AppData\Local\Temp\~DF2E96.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF2F57.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF30F5.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF3124.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF321E.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF3239.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF32AF.tmp not found!
File C:\Users\chocholousek\AppData\Local\Temp\~DF32CD.tmp not found!
C:\Users\chocholousek\AppData\Local\Temp\~DF762.tmp moved successfully.
C:\Users\chocholousek\AppData\Local\Temp\~DF8A15.tmp moved successfully.
C:\Users\chocholousek\AppData\Local\Temp\~DFA517.tmp moved successfully.
C:\Users\chocholousek\AppData\Local\Temp\~DFB651.tmp moved successfully.
File C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\afr[2].php not found!
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\afr[3].php moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\FAQs[1].txt moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\grab[1].cur moved successfully.
File C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\posting[1].php not found!
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\search[4].txt moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\sh20[2].html moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE671ONF\viewtopic[2].php moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZHR77RT\blank[3].html moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZHR77RT\blank[4].html moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZHR77RT\fc[1].txt moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZHR77RT\maps[1].txt moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZHR77RT\tcode3[1].htm moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8R7TKNUV\adpage[1].htm moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8R7TKNUV\header[1].txt moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E4AIC46\8632552375[1].htm moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E4AIC46\launch[2].txt moved successfully.
C:\Users\chocholousek\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9I0WE71\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWEKGZ5M\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LJO1JZX\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03YDIV2W\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#11 Příspěvek od **eda** » 20 črc 2010 05:47

Jak to vypadá?

VIRY.CZ

antimalware doctor

antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor

Re: antimalware doctor