Kotrola po problému

[radar2004]

Dobrý den, posím o kontrolu logu. Měl jsem potíže s pc. Nešli skoro žádný programy, systémové zvuky byly vypnuty, nešel správce úloh. V nouzovém režimu mi avast našel vir a ten jsem smazal. Předem děkuji


Logfile of random's system information tool 1.08 (written by random/random)
Run by Rodinka at 2010-08-30 08:28:36
Microsoft Windows 7 Home Premium
System drive C: has 83 GB (17%) free of 477 GB
Total RAM: 4094 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:28:43, on 30.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Rodinka\Desktop\LUKÁŠ\RSIT.exe
C:\Program Files (x86)\trend micro\Rodinka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S5B21.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Startup: KvetinkaProzeny.lnk = Rodinka\Desktop\moja fota\m\KvetinkaProzeny\KvetinkaProzeny.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75412450-C4C6-4C19-B93B-C3D7683BF85D}: NameServer = 213.192.14.14,213.192.14.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - (no file)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12516 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - C:\Program Files (x86)\TorrentMan\tbTorr.dll [2008-05-21 1526296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-15 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-07-02 2215960]
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - C:\Program Files (x86)\TorrentMan\tbTorr.dll [2008-05-21 1526296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-15 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-11-25 81000]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"BtTray"=C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [2009-12-10 315478]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"EPSON Stylus SX400 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE [2007-12-17 221696]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-15 39408]

C:\Users\Rodinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
KvetinkaProzeny.lnk - C:\Users\Rodinka\Desktop\moja fota\m\KvetinkaProzeny\KvetinkaProzeny.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-08-30 08:25:44 ----D---- C:\Program Files (x86)\trend micro
2010-08-30 08:25:42 ----D---- C:\rsit
2010-08-30 07:57:18 ----A---- C:\Windows\ntbtlog.txt
2010-08-25 05:29:43 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-20 19:25:39 ----A---- C:\Users\Rodinka\AppData\Roaming\burnaware.ini
2010-08-20 19:23:36 ----D---- C:\Program Files (x86)\BurnAware Free
2010-08-17 19:59:13 ----D---- C:\Users\Rodinka\AppData\Roaming\KvetinkaProzeny.F4442F3611D910A74573A4ECD029F51CBC5E4266.1
2010-08-17 19:59:09 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-08-17 07:12:37 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-08-17 07:12:37 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-08-17 07:12:37 ----A---- C:\Windows\SysWOW64\java.exe
2010-08-11 23:12:18 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-11 23:12:02 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-08-11 23:12:02 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-08-11 23:11:54 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 23:11:53 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 23:11:52 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-11 23:11:52 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 23:11:51 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-11 23:11:51 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 23:11:51 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-11 23:11:51 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 23:11:51 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 23:11:50 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 23:11:50 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 23:11:45 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-11 23:11:44 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 23:11:39 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-03 07:32:03 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-08-02 11:58:36 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-08-02 11:57:35 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared
2010-08-02 11:56:23 ----D---- C:\Program Files (x86)\Autodesk
2010-08-02 11:56:17 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-08-02 11:56:17 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-08-02 11:56:13 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll

======List of files/folders modified in the last 1 months======

2010-08-30 08:28:19 ----D---- C:\Windows\Temp
2010-08-30 08:27:58 ----D---- C:\ProgramData\NVIDIA
2010-08-30 08:27:52 ----A---- C:\Windows\SysWOW64\bscs.ini
2010-08-30 08:25:44 ----RD---- C:\Program Files (x86)
2010-08-30 07:57:18 ----D---- C:\Windows
2010-08-30 07:48:20 ----D---- C:\Rodinka
2010-08-29 16:57:05 ----D---- C:\Users\Rodinka\AppData\Roaming\ICQ
2010-08-29 11:56:34 ----D---- C:\Windows\System32
2010-08-29 11:56:34 ----D---- C:\Windows\inf
2010-08-28 09:52:40 ----SHD---- C:\Windows\Installer
2010-08-28 09:52:40 ----SHD---- C:\Config.Msi
2010-08-27 17:24:58 ----SHD---- C:\System Volume Information
2010-08-26 11:22:32 ----D---- C:\Program Files (x86)\ICQ7.2
2010-08-25 08:28:06 ----D---- C:\Windows\winsxs
2010-08-25 08:27:35 ----D---- C:\Windows\SysWOW64
2010-08-25 05:37:36 ----D---- C:\Windows\AppPatch
2010-08-23 13:36:29 ----SD---- C:\Users\Rodinka\AppData\Roaming\Microsoft
2010-08-23 09:46:37 ----D---- C:\Program Files (x86)\Opera
2010-08-17 19:59:13 ----D---- C:\ProgramData\Adobe
2010-08-17 19:59:09 ----D---- C:\Program Files (x86)\Common Files
2010-08-17 19:59:09 ----D---- C:\Program Files (x86)\Adobe
2010-08-17 19:58:23 ----D---- C:\Users\Rodinka\AppData\Roaming\Adobe
2010-08-17 07:26:13 ----D---- C:\Program Files (x86)\Common Files\Java
2010-08-17 07:12:36 ----D---- C:\Program Files (x86)\Java
2010-08-12 07:37:54 ----RSD---- C:\Windows\assembly
2010-08-12 07:36:15 ----D---- C:\Windows\Microsoft.NET
2010-08-12 07:30:00 ----D---- C:\Windows\SysWOW64\migration
2010-08-12 07:30:00 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-05 12:15:29 ----RD---- C:\Program Files
2010-08-05 12:15:17 ----D---- C:\Program Files (x86)\DsNET Corp
2010-08-04 21:10:57 ----D---- C:\Users\Rodinka\AppData\Roaming\Skype
2010-08-04 20:35:42 ----D---- C:\Users\Rodinka\AppData\Roaming\skypePM
2010-08-02 12:00:47 ----D---- C:\Users\Rodinka\AppData\Roaming\Autodesk
2010-08-02 12:00:47 ----D---- C:\ProgramData\Autodesk
2010-07-31 19:54:21 ----D---- C:\Hry

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-08-30 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys []
S3 asd9fbmq;asd9fbmq; C:\Windows\SysWOW64\drivers\asd9fbmq.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2009-06-17 36360]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 GMSIPCI;GMSIPCI; C:\Windows\SysWOW64\drivers\GMSIPCI.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-12-11 879104]
R2 BsMobileCS;BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-12-10 143467]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-02-06 68136]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 NMSAccessU;NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-12-10 192000]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-13 1030600]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-02 651720]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-15 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

[motji]

Hezké odpoledne
Můžu vědět, v jakém souboru Vám Avast vir našel?

[radar2004]

no teď přesně nevím...byli to asi registry nebo tam někde....viděl jsem program files a soubor měl v názvu spoustu čísel....

[motji]

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[radar2004]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.8.2010 21:22:33
mbam-log-2010-08-31 (21-22-33).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 414171
Uplynulý čas: 52 minuta(y), 59 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files (x86)\BitLord\Downloads\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-32bits.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\BitLord\Downloads\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-64bits.exe (Trojan.Agent.CK) -> No action taken.
C:\Program Files (x86)\BitLord\Downloads\Call of Duty4-Razor1911+Keygen and Crack\rzr-cod4.exe (Trojan.Agent.CK) -> No action taken.
C:\Users\Rodinka\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

[motji]

V mbamu vše smažte.


Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[radar2004]

Dobrý den, v mbamu jsem vše smazal. Zde je OTL log.txt , extras.txt jsem nenašel ani se nezobrazil.






OTL logfile created on: 1.9.2010 14:54:45 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Rodinka\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 81,54 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RODINKA-PC
Current User Name: Rodinka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.01 09:22:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Rodinka\Desktop\OTL.exe
PRC - [2010.08.22 13:02:26 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010.08.09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010.06.02 17:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.11 16:36:34 | 000,879,104 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2009.12.10 17:51:24 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009.12.10 17:47:56 | 000,143,467 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.08.17 02:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.03.12 17:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009.02.06 16:14:34 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2006.10.26 21:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010.09.01 09:22:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Rodinka\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.12.13 22:58:35 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.08.02 11:58:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.02 17:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.11 16:36:34 | 000,879,104 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009.12.10 17:53:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009.12.10 17:47:56 | 000,143,467 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.08.17 02:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.03.12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009.02.06 16:14:34 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.09.08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.12.17 06:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 06:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\vbtenum.sys -- (BTHidEnum)
DRV:64bit: - [2010.07.26 20:15:29 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.07.26 20:15:28 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.12.11 18:39:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.06 20:14:06 | 000,047,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009.11.25 01:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009.11.25 01:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009.11.16 18:33:38 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.09.24 14:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.09.24 06:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.28 17:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009.08.26 12:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 12:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.17 15:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009.06.17 15:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009.06.17 15:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010.09.01 09:24:06 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.17 15:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 1F 81 20 74 7A CA 01 [binary data]
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000..\Run: [EPSON Stylus SX400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEGE.EXE File not found
O4 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Rodinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KvetinkaProzeny.lnk = C:\Users\Rodinka\Desktop\moja fota\m\KvetinkaProzeny\KvetinkaProzeny.exe ()
O4 - Startup: C:\Users\Rodinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.01 18:10:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{95df6d75-e674-11de-82d9-00241dd240e9}\Shell - "" = AutoRun
O33 - MountPoints2\{95df6d75-e674-11de-82d9-00241dd240e9}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.09.01 09:22:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Rodinka\Desktop\OTL.exe
[2010.08.31 20:22:28 | 000,000,000 | ---D | C] -- C:\Users\Rodinka\AppData\Roaming\Malwarebytes
[2010.08.31 20:22:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.31 20:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.31 20:22:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.31 20:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.30 12:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.08.30 12:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.30 08:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.08.30 08:25:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.30 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\Rodinka\AppData\Local\ElevatedDiagnostics
[2010.08.25 05:29:43 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.20 19:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free
[2010.08.17 19:59:13 | 000,000,000 | ---D | C] -- C:\Users\Rodinka\AppData\Roaming\KvetinkaProzeny.F4442F3611D910A74573A4ECD029F51CBC5E4266.1
[2010.08.17 19:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.08.17 07:12:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.17 07:12:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.17 07:12:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.11 23:12:03 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 23:12:02 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.11 23:12:02 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.11 23:11:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 23:11:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.11 23:11:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 23:11:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 23:11:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.11 23:11:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 23:11:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 23:11:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 23:11:44 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010.08.05 12:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.01 14:54:52 | 003,145,728 | -HS- | M] () -- C:\Users\Rodinka\ntuser.dat
[2010.09.01 14:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.01 10:27:35 | 001,445,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.01 10:27:35 | 000,622,422 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.01 10:27:35 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.01 10:27:35 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.01 10:27:35 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.01 09:31:21 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.01 09:31:21 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.01 09:24:06 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010.09.01 09:24:04 | 000,001,285 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2010.09.01 09:23:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.01 09:23:38 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.01 09:22:51 | 002,805,211 | -H-- | M] () -- C:\Users\Rodinka\AppData\Local\IconCache.db
[2010.09.01 09:22:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Rodinka\Desktop\OTL.exe
[2010.09.01 08:19:41 | 000,000,897 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KvetinkaProzeny.lnk
[2010.08.31 20:22:24 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.30 17:52:19 | 000,000,148 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\burnaware.ini
[2010.08.30 12:48:31 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.28 16:53:46 | 000,172,032 | ---- | M] () -- C:\Users\Rodinka\Desktop\.doc
[2010.08.28 09:52:32 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.23 09:46:39 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.23 05:34:09 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010.08.22 18:54:36 | 000,001,000 | ---- | M] () -- C:\Users\Rodinka\Desktop\dovolená 2010 – zástupce.lnk
[2010.08.20 19:23:38 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010.08.18 19:45:37 | 000,000,000 | ---- | M] () -- C:\Users\Rodinka\Desktop\Nový Dokument aplikace Microsoft Office Word.docx
[2010.08.17 19:59:17 | 000,000,000 | ---- | M] () -- C:\Users\Rodinka\Documents\birthdayDB.xml
[2010.08.12 07:31:26 | 000,445,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.11 12:07:11 | 000,007,605 | ---- | M] () -- C:\Users\Rodinka\AppData\Local\Resmon.ResmonCfg
[2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.31 20:22:24 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.30 12:48:31 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.28 16:53:46 | 000,172,032 | ---- | C] () -- C:\Users\Rodinka\Desktop\.doc
[2010.08.28 09:52:32 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.23 09:46:39 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.23 05:34:09 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010.08.22 18:54:36 | 000,001,000 | ---- | C] () -- C:\Users\Rodinka\Desktop\dovolená 2010 – zástupce.lnk
[2010.08.20 19:25:39 | 000,000,148 | ---- | C] () -- C:\Users\Rodinka\AppData\Roaming\burnaware.ini
[2010.08.20 19:23:38 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010.08.18 19:45:37 | 000,000,000 | ---- | C] () -- C:\Users\Rodinka\Desktop\Nový Dokument aplikace Microsoft Office Word.docx
[2010.08.17 19:59:17 | 000,000,897 | ---- | C] () -- C:\Users\Rodinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KvetinkaProzeny.lnk
[2010.08.17 19:59:17 | 000,000,000 | ---- | C] () -- C:\Users\Rodinka\Documents\birthdayDB.xml
[2010.08.11 12:07:11 | 000,007,605 | ---- | C] () -- C:\Users\Rodinka\AppData\Local\Resmon.ResmonCfg
[2010.06.28 13:25:42 | 000,000,137 | ---- | C] () -- C:\Windows\KA.ini
[2010.01.11 18:43:32 | 000,000,104 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.01.10 15:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI
[2010.01.10 15:39:36 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\mgxasio.dll
[2010.01.10 15:39:09 | 000,005,729 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.01.10 15:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\ae.INI
[2010.01.08 19:10:40 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.07 23:14:39 | 003,907,640 | ---- | C] () -- C:\Windows\SysWow64\gsdll32.dll
[2010.01.07 16:07:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.20 23:13:35 | 000,003,725 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2009.12.20 23:13:25 | 000,000,261 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2009.12.20 23:13:21 | 000,006,495 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2009.12.20 23:13:20 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2009.12.20 23:10:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2009.12.15 21:51:18 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009.12.15 21:49:54 | 000,000,026 | ---- | C] () -- C:\Windows\CDE SX400EXPORT.ini
[2009.12.11 18:49:03 | 000,003,584 | ---- | C] () -- C:\Users\Rodinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.11 16:51:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.12.11 16:36:38 | 000,001,285 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2009.12.10 17:48:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2010.08.02 12:00:47 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Autodesk
[2010.01.08 11:06:20 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Avnex
[2009.12.11 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Black Sea Studios
[2009.12.12 01:46:07 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\BSplayer
[2009.12.12 00:54:19 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\BSplayer Pro
[2010.01.08 19:10:52 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Canneverbe_Limited
[2009.12.16 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\CosmeticGuide
[2009.12.11 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\DAEMON Tools Lite
[2010.01.20 08:08:09 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Desktopicon
[2010.01.07 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Grand Ages Rome
[2009.12.11 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Graphisoft
[2010.09.01 11:33:59 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\ICQ
[2010.08.17 19:59:13 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\KvetinkaProzeny.F4442F3611D910A74573A4ECD029F51CBC5E4266.1
[2009.12.20 19:20:21 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\LG Electronics
[2009.12.20 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\LGSync
[2009.12.11 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Opera
[2010.01.08 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\progeSOFT
[2010.07.26 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Ubisoft
[2010.07.29 21:49:47 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"EPSON Stylus SX400 Series" = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S5B21.tmp" /EF "HKCU" -- File not found
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009.12.15 15:34:48 | 000,039,408 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.08.17 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Adobe
[2010.08.02 12:00:47 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Autodesk
[2010.01.08 11:06:20 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Avnex
[2009.12.11 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Black Sea Studios
[2009.12.12 01:46:07 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\BSplayer
[2009.12.12 00:54:19 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\BSplayer Pro
[2010.01.08 19:10:52 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Canneverbe_Limited
[2009.12.16 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\CosmeticGuide
[2009.12.11 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\DAEMON Tools Lite
[2010.01.20 08:08:09 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Desktopicon
[2009.12.15 20:58:52 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Google
[2010.01.07 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Grand Ages Rome
[2009.12.11 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Graphisoft
[2010.09.01 11:33:59 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\ICQ
[2009.12.11 16:38:59 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Identities
[2009.12.12 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\InstallShield
[2010.08.17 19:59:13 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\KvetinkaProzeny.F4442F3611D910A74573A4ECD029F51CBC5E4266.1
[2009.12.20 19:20:21 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\LG Electronics
[2009.12.20 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\LGSync
[2009.12.11 17:11:47 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Macromedia
[2010.08.31 20:22:28 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Media Center Programs
[2010.08.23 13:36:29 | 000,000,000 | --SD | M] -- C:\Users\Rodinka\AppData\Roaming\Microsoft
[2010.01.15 14:15:58 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Microsoft Games
[2009.12.11 18:42:02 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Mozilla
[2009.12.11 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Opera
[2010.01.08 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\progeSOFT
[2010.08.31 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Skype
[2010.08.31 18:01:14 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\skypePM
[2010.07.26 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\Ubisoft
[2009.12.12 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rodinka\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2007.08.18 10:54:02 | 000,020,480 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2007.08.18 10:53:50 | 000,016,384 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe
[2008.04.13 18:26:54 | 000,036,396 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\AC3 Filter\uninstall.exe
[2008.04.01 12:51:06 | 000,691,717 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2008.03.29 18:42:00 | 000,103,424 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2008.03.29 18:42:02 | 000,335,872 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2008.03.29 18:41:54 | 000,135,168 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2008.06.10 10:11:02 | 000,041,412 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2010.01.20 08:10:04 | 000,031,836 | ---- | M] () -- C:\Users\Rodinka\AppData\Roaming\Desktopicon\uninst.exe
[2010.08.17 19:58:10 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Rodinka\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.01.10 22:10:15 | 000,026,694 | R--- | M] () -- C:\Users\Rodinka\AppData\Roaming\Microsoft\Installer\{446E684C-A48C-4A67-89F7-824B63F96153}\_D72106D85CB38188D5EFB4.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

[radar2004]

musel jsem zprávu rozdělit...zde je pokračování:




< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.09.01 09:24:04 | 000,001,285 | ---- | M] () -- C:\Windows\SysWOW64\bscs.ini
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< End of report >

[motji]

Omlouvám se za zpoždění .

Tyto soubory znáte?
C:\Users\Rodinka\Documents\birthdayDB.xml
C:\Users\Rodinka\AppData\Local\Resmon.ResmonCfg
C:\Users\Rodinka\Desktop\.doc

Otestujte na www.virustotal.com
C:\Windows\SysWow64\mgxasio.dll
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

[radar2004]

Ty soubory neznám. Smazal jsem je. Na té testovací stránce se žádný výsledky neobjevily. Pouze toto: Tento soubor nikdy nebyl přezkoumán v žádném členském VT Společenství. Buďte první, kdo se k nim vyjádřit!

[motji]

Počkejte, ten soubor co jsem chtěla otestovat, měli se Vám tam objevit výsledky testu antivirů

[radar2004]

Tak tím pádem asi tohle bude ono.

http://www.virustotal.com/file-scan/rep ... 1283418520

[motji]

Fajn, ted to s počítačem vypadá jak?

[radar2004]

Teď jede všechno jak má. Pokud nevidíte další problém tak moc děkuji za pomoc. Přeji hezký den

[motji]

Ještě něco málo smažu, spíš zbytečnosti

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 1F 81 20 74 7A CA 01 [binary data]
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-
IE - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3500666388-1305736350-2404888146-1000..\Run: [EPSON Stylus SX400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEGE.EXE File not found
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2010.01.01 18:10:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{95df6d75-e674-11de-82d9-00241dd240e9}\Shell - "" = AutoRun
O33 - MountPoints2\{95df6d75-e674-11de-82d9-00241dd240e9}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files (x86)\DAEMON Tools Toolbar
C:\Windows\ae.INI
C:\ProgramData\ezsidmv.dat
C:\Users\Rodinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde