regedit.exe file gets deleted at PC startup

kodooo
Guest
Posts: 7
Registered: 20 Feb 2011 14:51

regedit.exe file gets deleted at PC startup

#1 Post by kodooo »

Hello, whenever I turn on or restart the notebook, almost nothing works; I have to copy the regedit.exe file from a flash drive into the system32 folder and then everything works as it should, but after a restart it is all back again. Please help. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:01, on 20.2.2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Miriam\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60242
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [gcfgd] rundll32 "C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll",IEZQ
O4 - HKCU\..\Run: [Remote Registry Service] C:\Users\Miriam\RegServ\regsrv32.exe
O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{56C715CF-A8AB-48FC-B2F8-557970B215F6}: NameServer = 80.82.144.142,80.82.146.10
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4151 bytes

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: regedit.exe file gets deleted at PC startup

#2 Post by vyosek »

Hello and have a nice day :)

Download OTL (see my signature) and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • If you use a 64-bit OS, check whether the box "For 64-bit OS" is ticked; if not, tick it
  • Tick the box "For all users"
  • Tick the box "LOP check"
  • Tick the box "Purity check"
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box "Custom scans/fixes"
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT
  • Click the "Run Scan" button
  • When the scan finishes (about 5 to 10 minutes) the logs OTL.txt and Extras.txt appear; paste both of them here
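The /md5start ... /md5stop part of the OTL script above asks the tool to hash a list of boot-critical drivers and system binaries, so that a file patched in place by a rootkit (same name, same location, different bytes) or a file that has gone missing shows up. The following is an added example of that baseline-hash check, not part of the thread and not OTL's own code: the file names come from the list in the script, but their contents, the baseline values and the tampering are constructed for the demo, so no real Windows file hashes appear here.

```python
"""Baseline hash check of boot-critical system files.

Added example, not part of the forum thread or of OTL. It shows what the
/md5start ... /md5stop part of the script above is for: hash each listed
file and compare it with a known-good value, so that a driver patched in
place (same name, same location, different bytes) or a file that has gone
missing, like the regedit.exe in this thread, stands out. The file names
are taken from that list; their contents, the baseline and the tampering
are constructed for the demo, so no real Windows file hashes appear here.
"""
import hashlib
import os
import tempfile
from typing import Dict, Tuple

CHUNK = 64 * 1024


def md5_of_file(path: str) -> str:
    """Hex MD5 of a file, read in chunks so a large driver is not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_baseline(directory: str, baseline: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {file name: (status, actual md5)} with status OK, MODIFIED or MISSING.

    The baseline maps file name -> expected hex MD5 and must come from a
    trusted source (a clean install of the same build), never from the
    machine under suspicion.
    """
    results: Dict[str, Tuple[str, str]] = {}
    for name, expected in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = ("MISSING", "")
            continue
        actual = md5_of_file(path)
        status = "OK" if actual == expected.lower() else "MODIFIED"
        results[name] = (status, actual)
    return results


def build_demo_tree() -> Tuple[str, Dict[str, str]]:
    """Constructed stand-in for %systemroot%\\system32: three files with a
    baseline taken while clean, then one patched in place and one deleted."""
    directory = tempfile.mkdtemp(prefix="md5check_")
    clean = {
        "atapi.sys": b"constructed clean atapi.sys bytes",
        "ndis.sys": b"constructed clean ndis.sys bytes",
        "userinit.exe": b"constructed clean userinit.exe bytes",
    }
    baseline: Dict[str, str] = {}
    for name, data in clean.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(data)
        baseline[name] = md5_of_file(os.path.join(directory, name))
    # In-place patch: the file keeps its name and location, only the bytes change.
    with open(os.path.join(directory, "atapi.sys"), "wb") as f:
        f.write(clean["atapi.sys"] + b"\x90\x90\x90\x90")
    # Deleted file, as regedit.exe is in this thread.
    os.remove(os.path.join(directory, "userinit.exe"))
    return directory, baseline


def run_demo() -> Dict[str, Tuple[str, str]]:
    directory, baseline = build_demo_tree()
    return check_against_baseline(directory, baseline)


if __name__ == "__main__":
    for name, (status, digest) in sorted(run_demo().items()):
        print(f"{status:8} {name:14} {digest}")
```

Two caveats apply to any such check. The comparison is only as good as the baseline: it has to come from a clean installation of the same Windows build, not from the suspect machine. And a kernel-mode rootkit that hooks file reads can hand a scanner the original bytes while the patched driver is what actually loads, so a mismatch is strong evidence but a match from inside the infected system is not proof of a clean file; running the check from a clean boot medium removes that blind spot. MD5 is enough to notice an in-place patch of a known file, but it is not collision resistant and should not be used where an attacker can choose both files being compared.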

kodooo
Guest
Posts: 7
Registered: 20 Feb 2011 14:51

Re: regedit.exe file gets deleted at PC startup

#3 Post by kodooo »

OTL.txt log

OTL logfile created on: 20.2.2011 16:58:21 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Miriam\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 179,34 Gb Free Space | 77,01% Space Free | Partition Type: NTFS

Computer Name: MIRIAM-NTB | User Name: Miriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.02.20 16:55:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
PRC - [2011.02.20 13:39:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011.02.20 13:39:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011.02.20 13:39:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011.02.20 13:39:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011.02.20 13:39:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011.02.20 13:39:09 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2011.02.20 13:39:08 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2011.02.20 13:39:08 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011.02.20 13:39:06 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.06.21 08:42:39 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.16 15:00:06 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.02 01:27:44 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe


========== Modules (SafeList) ==========

MOD - [2011.02.20 16:55:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
MOD - [2011.02.20 13:39:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2006.11.02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.02.20 13:39:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011.02.20 13:39:09 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2011.02.20 13:39:08 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.06.16 15:37:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.08.31 13:03:54 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011.02.20 13:39:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011.02.20 13:39:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.02.20 13:39:08 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011.02.20 13:39:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011.02.20 13:22:42 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009.01.13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.31 01:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60242

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.1.1.388
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 2475029&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60242
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.07 12:50:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.02.20 13:41:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.21 08:42:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 09:46:19 | 000,000,000 | ---D | M]

[2010.05.27 06:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miriam\AppData\Roaming\Mozilla\Extensions
[2011.02.20 15:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\7h0896r2.default\extensions
[2010.06.21 09:11:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\7h0896r2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.18 01:08:21 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\7h0896r2.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\7h0896r2.default\searchplugins\conduit.xml
[2010.05.27 06:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.20 13:41:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010.11.07 12:50:59 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010.06.21 08:42:41 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.21 08:42:41 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.21 08:42:41 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.21 08:42:41 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.21 08:42:41 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [gcfgd] C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll ()
O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [Regedit32] C:\Windows\System32\regedit.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [Remote Registry Service] C:\Users\Miriam\RegServ\regsrv32.exe ()
O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33a4aba6-c5af-11df-9c5f-001fc64cf0fc}\Shell\AutoRun\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{33a4aba6-c5af-11df-9c5f-001fc64cf0fc}\Shell\explore\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{33a4aba6-c5af-11df-9c5f-001fc64cf0fc}\Shell\open\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{33a4aba6-c5af-11df-9c5f-001fc64cf0fc}\Shell\search\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{654ca5cb-3ce6-11e0-bdb4-001fc64cf0fc}\Shell\AutoRun\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{654ca5cb-3ce6-11e0-bdb4-001fc64cf0fc}\Shell\explore\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{654ca5cb-3ce6-11e0-bdb4-001fc64cf0fc}\Shell\open\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{654ca5cb-3ce6-11e0-bdb4-001fc64cf0fc}\Shell\search\command - "" = E:\~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{9731a864-8b29-11df-9f8a-001fc64cf0fc}\Shell\AutoRun\command - "" = ~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{9731a864-8b29-11df-9f8a-001fc64cf0fc}\Shell\explore\command - "" = ~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{9731a864-8b29-11df-9f8a-001fc64cf0fc}\Shell\open\command - "" = ~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{9731a864-8b29-11df-9f8a-001fc64cf0fc}\Shell\search\command - "" = ~System\sdIfhNsdIhgMsL.exe
O33 - MountPoints2\{c84016b2-fd54-11df-8f3e-001fc64cf0fc}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{c84016b2-fd54-11df-8f3e-001fc64cf0fc}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2011.02.20 16:55:47 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
[2011.02.20 14:09:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.02.20 13:39:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.02.20 13:24:45 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.02.20 13:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 9.0
[2011.02.20 13:24:44 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011.02.20 13:24:34 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.02.20 13:24:32 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.02.20 13:24:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2011.02.20 13:22:42 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.02.20 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\WinRAR
[2011.02.20 13:21:04 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.02.20 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.02.20 13:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.02.20 13:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.02.20 13:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2011.02.17 23:05:28 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regedit (2).exe

========== Files - Modified Within 7 Days ==========

[2011.02.20 16:55:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
[2011.02.20 16:42:18 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 16:42:18 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 16:30:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.20 14:47:07 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 14:47:07 | 000,473,598 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.02.20 14:47:07 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 14:47:07 | 000,081,404 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.02.20 14:45:23 | 000,011,776 | ---- | M] () -- C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.20 14:42:21 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.20 14:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 14:42:11 | 2012,504,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.20 14:09:02 | 071,420,917 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.02.20 14:06:48 | 071,782,683 | ---- | M] () -- C:\Users\Miriam\Desktop\u8iavi3455mu.bin
[2011.02.20 13:56:16 | 043,947,969 | ---- | M] () -- C:\Users\Miriam\Desktop\w8all449rx.bin
[2011.02.20 13:46:51 | 007,780,548 | ---- | M] () -- C:\Users\Miriam\Desktop\x8all633re.bin
[2011.02.20 13:39:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011.02.20 13:39:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.02.20 13:39:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.02.20 13:39:08 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.02.20 13:39:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.02.20 13:24:46 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2011.02.20 13:24:32 | 000,546,935 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.02.20 13:24:32 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011.02.20 13:24:31 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011.02.20 13:24:31 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011.02.20 13:24:31 | 000,116,698 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011.02.20 13:22:42 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.02.20 13:21:04 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011.02.19 14:50:28 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FA2E97B-34C2-4DD3-B5C8-7B6651B7EA75}.job

========== Files Created - No Company Name ==========

[2011.02.20 14:07:55 | 043,947,969 | ---- | C] () -- C:\Users\Miriam\Desktop\w8all449rx.bin
[2011.02.20 14:07:42 | 071,782,683 | ---- | C] () -- C:\Users\Miriam\Desktop\u8iavi3455mu.bin
[2011.02.20 13:47:25 | 007,780,548 | ---- | C] () -- C:\Users\Miriam\Desktop\x8all633re.bin
[2011.02.20 13:24:46 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2011.02.20 13:24:32 | 000,546,935 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.02.20 13:24:32 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011.02.20 13:24:31 | 071,420,917 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.02.20 13:24:31 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011.02.20 13:24:31 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011.02.20 13:24:31 | 000,116,698 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011.02.20 13:21:04 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011.02.09 23:52:25 | 000,000,452 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.16 13:14:31 | 000,000,000 | ---- | C] () -- C:\Users\Miriam\AppData\Local\1431599.exe
[2011.01.15 08:29:37 | 000,005,820 | ---- | C] () -- C:\Users\Miriam\AppData\Roaming\10B6.4BF
[2011.01.11 20:39:00 | 000,000,000 | -H-- | C] () -- C:\Users\Miriam\AppData\Roaming\gl67knii11.txt
[2011.01.10 08:44:19 | 000,000,000 | -H-- | C] () -- C:\Users\Miriam\AppData\Roaming\kegj1iEJbH.txt
[2011.01.10 01:11:38 | 000,000,000 | -H-- | C] () -- C:\Users\Miriam\AppData\Roaming\icgNg6Hmhb.txt
[2010.12.21 07:29:11 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\LH0LEEkfKg.txt
[2010.12.19 09:29:53 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\GJ6AC1NGjh.txt
[2010.12.11 20:25:53 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\MlDE06imkg.txt
[2010.12.08 07:41:18 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\idgGK7ljd7.txt
[2010.11.24 21:28:12 | 000,116,224 | RHS- | C] () -- C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll
[2010.11.24 16:37:02 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\nK6Nk.txt
[2010.11.23 13:39:05 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\hDlkH.txt
[2010.11.22 12:33:36 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\k6jLC.txt
[2010.11.21 12:48:43 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\BG0Ai.txt
[2010.11.16 15:55:14 | 000,001,600 | -H-- | C] () -- C:\ProgramData\common.data
[2010.06.18 16:26:52 | 000,011,776 | ---- | C] () -- C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 05:55:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2011.01.01 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\ICQ
[2011.02.20 14:41:08 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.19 14:50:28 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8FA2E97B-34C2-4DD3-B5C8-7B6651B7EA75}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.06.16 14:41:48 | 001,232,896 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" = rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2006.11.02 13:35:32 | 000,125,440 | ---- | M] (Microsoft Corporation)
"gcfgd" = rundll32 "C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll",IEZQ
"Remote Registry Service" = C:\Users\Miriam\RegServ\regsrv32.exe -- [2011.02.20 14:09:35 | 000,020,652 | ---- | M] ()
"Regedit32" = C:\Windows\system32\regedit.exe -- [2011.02.06 21:12:00 | 000,239,104 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.06.28 07:28:47 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Adobe
[2011.01.01 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\ICQ
[2010.05.26 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Identities
[2010.05.27 06:10:27 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Media Center Programs
[2011.02.20 14:18:44 | 000,000,000 | --SD | M] -- C:\Users\Miriam\AppData\Roaming\Microsoft
[2010.05.27 06:08:17 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Mozilla
[2010.12.23 12:14:58 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Skype
[2010.12.23 09:05:17 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\skypePM
[2011.02.20 13:21:18 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.06.16 15:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2010.06.16 15:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.06.16 15:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.06.16 15:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.01.19 08:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 10:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\System32\autochk.exe
[2006.11.02 10:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006.11.02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\System32\cryptsvc.dll
[2006.11.02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 08:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2010.06.16 15:00:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2010.06.16 15:00:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.06.16 15:00:06 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.06.16 15:00:06 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.06.16 15:49:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.06.16 15:49:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2010.06.16 15:00:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2006.11.02 10:51:12 | 000,160,872 | ---- | M] (Microsoft Corporation) MD5=E3A21FC3407DA84C5FF41B5088A67C3B -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006.11.02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 08:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys

< MD5 for: LSASS.EXE >
[2010.06.20 02:48:22 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2010.06.16 15:44:17 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2010.06.16 15:44:18 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2010.06.16 14:48:27 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 10:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2010.06.20 02:48:21 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2010.06.16 15:44:17 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2010.06.16 14:48:27 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2010.06.20 02:48:22 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2010.06.16 15:44:19 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\System32\lsass.exe
[2010.06.16 15:44:19 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2010.06.16 15:44:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2010.06.16 15:44:18 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2010.06.16 14:48:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2010.06.16 14:48:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2010.06.16 14:48:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2006.11.02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006.11.02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 08:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.19 08:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2006.11.02 10:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\System32\smss.exe
[2006.11.02 10:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006.11.02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.16 15:50:48 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2010.06.16 15:50:45 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.06.16 14:51:49 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.06.16 14:51:48 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2010.06.16 15:50:48 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.06.16 14:51:48 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.06.16 14:51:49 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.16 14:51:49 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010.06.16 14:57:04 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2010.06.16 14:57:04 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010.06.16 15:50:46 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 15:50:45 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.06.16 14:51:48 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2006.11.02 09:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.06.16 14:51:48 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008.01.19 08:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2010.06.16 15:50:46 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2006.11.02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2010.06.16 14:47:52 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2010.06.16 14:47:52 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\drivers\*.sys /3 >
[2011.02.20 13:22:42 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2011.02.20 13:39:08 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011.02.20 13:39:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011.02.20 13:39:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011.02.20 13:39:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

< %systemroot%\system32\*.* /3 >
[2011.02.20 16:42:18 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 16:42:18 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 13:39:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011.02.20 14:47:07 | 000,081,404 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.02.20 14:47:07 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 14:47:07 | 000,473,598 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.02.20 14:47:07 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 14:47:07 | 001,259,320 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

< End of report >

kodooo
Visitor
Posts: 7
Registered: 20 Feb 2011 14:51

Re: the regedit.exe file gets deleted when the PC is switched on

#4 Post by kodooo »

extras.txt

OTL Extras logfile created on: 20.2.2011 16:58:21 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Miriam\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 179,34 Gb Free Space | 77,01% Space Free | Partition Type: NTFS

Computer Name: MIRIAM-NTB | User Name: Miriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- C:\Windows\System32\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{160F963F-A421-40E7-A80A-E424D2ED8BA8}" = rport=445 | protocol=6 | dir=out | app=system |
"{3DE68691-5481-4A89-9268-32578AB4CF59}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AE4747B-2FEF-4EB3-A67B-3E910CB14D8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6234CD74-8F5A-40CF-8550-3A36E3415D1B}" = lport=139 | protocol=6 | dir=in | app=system |
"{64DE48B5-3908-4D94-ACDE-4ABF9F5F3B42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78279743-E0B3-46AD-9AFA-B6C90075AA42}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{79118594-6050-45FF-B824-7DE259364123}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD60473E-E7E6-4890-A355-20B877815D65}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3C63F39-159B-4B52-91D9-92B9E8752E5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B76CA177-8EE5-4419-8185-7F056ACE97B8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BA6458D8-EFF4-4123-AD72-5F4EAD691CFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7A613D8-E52B-4EED-8501-DC4B438526F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{E2273AFB-4DB9-4E36-A4F5-B4B12A7E359F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F777A052-8B5F-43C0-8993-03E82B35CE11}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084DFE02-318F-4A8C-A7F4-235384EBFFE6}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{25D317EF-35E4-49AF-9657-8B63544B5AC1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D155816-290A-423A-93AD-0E4BE7CEE7F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{558D74C4-4839-4436-BDA1-361EBC718246}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{9ACC2250-3083-453E-B5CC-A22F48783AEB}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{B3F90741-F0FE-470F-89C2-8B5801960D84}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{D7BF8576-53D1-4BAE-85D5-A73B2414B3A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8122DD4-7A5A-4760-907A-F771798098AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F10C915A-3FA5-41F6-9A3B-9D59E7819005}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{F85FE663-7283-4320-80AD-44DAC9C71C81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{2E4974DA-6481-4C74-9745-BC833E6A2C8F}C:\users\miriam\appdata\local\temp\23498.exe" = protocol=6 | dir=in | app=c:\users\miriam\appdata\local\temp\23498.exe |
"TCP Query User{455C316F-4993-475D-9726-5E7242005F77}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{57C9A2B2-AAC9-44DE-A78D-40C062F3CACD}C:\users\miriam\appdata\local\temp\80326.exe" = protocol=6 | dir=in | app=c:\users\miriam\appdata\local\temp\80326.exe |
"TCP Query User{7144B75D-0BF7-4C98-B622-3A0D6050BAC4}C:\users\miriam\appdata\local\temp\87948.exe" = protocol=6 | dir=in | app=c:\users\miriam\appdata\local\temp\87948.exe |
"TCP Query User{A3D082BC-BDEA-46B4-B1C9-34AF4B28CABC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A7B90600-B9B1-4BF2-94C0-A7EDB8E33345}C:\users\miriam\appdata\roaming\lsass.exe" = protocol=6 | dir=in | app=c:\users\miriam\appdata\roaming\lsass.exe |
"TCP Query User{CAAB0222-8FC3-4D9C-B739-53C2163AFC60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DF98EBC0-EC4B-45A8-B26C-326E4D4D776C}C:\users\miriam\appdata\local\temp\8613267.exe" = protocol=6 | dir=in | app=c:\users\miriam\appdata\local\temp\8613267.exe |
"UDP Query User{064A268D-EF75-4699-8F40-BA4FC91BC133}C:\users\miriam\appdata\local\temp\8613267.exe" = protocol=17 | dir=in | app=c:\users\miriam\appdata\local\temp\8613267.exe |
"UDP Query User{26489C00-3150-49A9-82D3-EA0803F293F3}C:\users\miriam\appdata\local\temp\23498.exe" = protocol=17 | dir=in | app=c:\users\miriam\appdata\local\temp\23498.exe |
"UDP Query User{49B9CB19-9884-4499-9862-F36D879FCF40}C:\users\miriam\appdata\local\temp\80326.exe" = protocol=17 | dir=in | app=c:\users\miriam\appdata\local\temp\80326.exe |
"UDP Query User{7B7237BA-EB14-4D21-B257-97E260351284}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{BE44D0AA-13E3-4AF7-857E-B7C778C9C9C8}C:\users\miriam\appdata\local\temp\87948.exe" = protocol=17 | dir=in | app=c:\users\miriam\appdata\local\temp\87948.exe |
"UDP Query User{C21401AA-739F-446B-BD0B-7A2C4E793AD7}C:\users\miriam\appdata\roaming\lsass.exe" = protocol=17 | dir=in | app=c:\users\miriam\appdata\roaming\lsass.exe |
"UDP Query User{F5D00FFD-D962-46FB-9C10-61BC28B50CEC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F76D8A2B-2D46-428F-86FC-86AE82239BC5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C8EF48-D666-4DDD-986E-CDE8E1DCF485}" = Ovi Desktop Sync Engine
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{218D629E-8D06-4B23-A238-EB869770B6CC}" = MSVC90_x86
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{499B65FF-C8A9-478C-BD83-3E25714D72C9}" = PC Connectivity Solution
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD XP
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91CBABA8-2E52-4EFF-A4A6-26BE8C63CEB7}" = Nokia Ovi Suite Software Updater
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{F584F82F-79D5-4744-A702-E5BC4E8FBC83}" = OviMPlatform
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"rajče.net_is1" = rajče verze 57 sestavení 192
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6.2.2011 9:55:07 | Computer Name = Miriam-NTB | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6000.16771 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 1838b8 Čas zahájení: 01cbc5f4ce29bbce Čas ukončení: 62

Error - 6.2.2011 15:51:24 | Computer Name = Miriam-NTB | Source = EventSystem | ID = 4609
Description =

Error - 6.2.2011 15:54:05 | Computer Name = Miriam-NTB | Source = Application Error | ID = 1000
Description = Chybující aplikace Explorer.EXE, verze 6.0.6000.16771, časové razítko
0x4907deda, chybující modul wdmaud.drv, verze 6.0.6000.16386, časové razítko 0x4549bde3,
kód výjimky 0xc0000005, posun chyby 0x0000e153, ID procesu 0x678, čas spuštění aplikace
0x01cbc6378c2b30d9.

Error - 6.2.2011 16:16:31 | Computer Name = Miriam-NTB | Source = Application Error | ID = 1000
Description = Chybující aplikace Explorer.EXE, verze 6.0.6000.16771, časové razítko
0x4907deda, chybující modul RPCRT4.dll, verze 6.0.6000.16850, časové razítko 0x49f066bd,
kód výjimky 0xc0000005, posun chyby 0x00064260, ID procesu 0x768, čas spuštění aplikace
0x01cbc63997dab7a4.

Error - 9.2.2011 17:55:49 | Computer Name = Miriam-NTB | Source = Application Error | ID = 1000
Description = Chybující aplikace Explorer.EXE, verze 6.0.6000.16771, časové razítko
0x4907deda, chybující modul ntdll.dll, verze 6.0.6000.16386, časové razítko 0x4549bdc9,
kód výjimky 0xc0000008, posun chyby 0x000768b0, ID procesu 0x68c, čas spuštění aplikace
0x01cbc8a3f92f05f7.

Error - 13.2.2011 5:09:11 | Computer Name = Miriam-NTB | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6000.16771 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 6ec Čas zahájení: 01cbcb509520b0c4 Čas ukončení: 141

Error - 20.2.2011 8:25:30 | Computer Name = Miriam-NTB | Source = VSS | ID = 8194
Description =

Error - 20.2.2011 8:31:00 | Computer Name = Miriam-NTB | Source = Application Error | ID = 1000
Description = Chybující aplikace Explorer.EXE, verze 6.0.6000.16771, časové razítko
0x4907deda, chybující modul ntdll.dll, verze 6.0.6000.16386, časové razítko 0x4549bdc9,
kód výjimky 0xc0000008, posun chyby 0x000768b0, ID procesu 0x79c, čas spuštění aplikace
0x01cbd0f9abc1b68a.

Error - 20.2.2011 8:34:57 | Computer Name = Miriam-NTB | Source = VSS | ID = 8194
Description =

Error - 20.2.2011 8:39:22 | Computer Name = Miriam-NTB | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 11.10.2010 1:52:20 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 7 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 14.10.2010 5:15:15 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 4 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 14.10.2010 5:15:15 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 5 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 14.10.2010 5:15:15 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 6 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 14.10.2010 5:15:15 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 7 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 16.10.2010 19:37:48 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 4 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 16.10.2010 19:37:48 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 5 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 16.10.2010 19:37:48 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 6 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 16.10.2010 19:37:48 | Computer Name = Miriam-NTB | Source = ACPI | ID = 327686
Description = IRQARB: Systém ACPI BIOS neobsahuje přerušení IRQ pro zařízení v patici
PCI 7 s funkcí 0. Obraťte se na prodejce systému s žádostí o odbornou pomoc.

Error - 16.10.2010 19:39:49 | Computer Name = Miriam-NTB | Source = Service Control Manager | ID = 7000
Description =


< End of report >

kodooo
Visitor
Posts: 7
Registered: 20 Feb 2011 14:51

Re: the regedit.exe file gets deleted when the PC is switched on

#5 Post by kodooo »

I couldn't attach the files, so I copied it all in; I hope that's OK :-) thanks for the advice

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the regedit.exe file gets deleted when the PC is switched on

#6 Post by vyosek »

That's exactly how I wanted it; give me a moment while I write up the next steps...
"He who has wine and doesn't drink it, who has grapes and doesn't eat them, who has a wife and doesn't kiss her, who shuns a good time, take a whip and a stick to him: that's not a man, that's an ox."
Member since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the regedit.exe file gets deleted when the PC is switched on

#7 Post by vyosek »

:arrow: Plug all your USB keys (flash drives, external disks etc.) into the PC
:arrow: Run OTL again
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the lower box Custom Scans/Fixes
  • Code:

    :otl
    IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
    IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60242
    FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 60242
    FF - prefs.js..network.proxy.share_proxy_settings: true
    [2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\7h0896r2.default\searchplugins\conduit.xml
    O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [gcfgd] C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll ()
    O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [Regedit32] C:\Windows\System32\regedit.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2749248260-4257000846-3406736192-1000..\Run: [Remote Registry Service] C:\Users\Miriam\RegServ\regsrv32.exe ()
    O13 - gopher Prefix: missing
    [2011.02.20 16:30:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.02.20 14:42:21 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.16 13:14:31 | 000,000,000 | ---- | C] () -- C:\Users\Miriam\AppData\Local\1431599.exe
    [2011.01.15 08:29:37 | 000,005,820 | ---- | C] () -- C:\Users\Miriam\AppData\Roaming\10B6.4BF
    [2011.01.11 20:39:00 | 000,000,000 | -H-- | C] () -- C:\Users\Miriam\AppData\Roaming\gl67knii11.txt
    [2011.01.10 08:44:19 | 000,000,000 | -H-- | C] () -- C:\Users\Miriam\AppData\Roaming\kegj1iEJbH.txt
    [2011.01.10 01:11:38 | 000,000,000 | -H-- | C] () -- C:\Users\Miriam\AppData\Roaming\icgNg6Hmhb.txt
    [2010.12.21 07:29:11 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\LH0LEEkfKg.txt
    [2010.12.19 09:29:53 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\GJ6AC1NGjh.txt
    [2010.12.11 20:25:53 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\MlDE06imkg.txt
    [2010.12.08 07:41:18 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\idgGK7ljd7.txt
    [2010.11.24 21:28:12 | 000,116,224 | RHS- | C] () -- C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll
    [2010.11.24 16:37:02 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\nK6Nk.txt
    [2010.11.23 13:39:05 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\hDlkH.txt
    [2010.11.22 12:33:36 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\k6jLC.txt
    [2010.11.21 12:48:43 | 000,000,000 | R--- | C] () -- C:\Users\Miriam\AppData\Roaming\BG0Ai.txt
     
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
  • Then click Run Fix
  • The PC will perform the fix, reboot and give you a log; paste its contents here
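As an added example (not part of this thread and not code from OTL, UsbFix or MBAM), a PowerShell script that re-checks after the reboot the persistence points these logs exposed: the HKCU Run values, the WinINet and Firefox proxy that had been redirected to 127.0.0.1:60242, Autorun.inf files on removable drives and the signature of regedit.exe. It assumes an elevated PowerShell session as the affected user; the user-writable-path heuristic, the catalog-signature caveat and the output wording are mine.

```powershell
# Added post-fix check; not from this thread and not OTL/UsbFix/MBAM code.
# Re-inspects, after a reboot, the persistence points the logs above showed.
# Assumptions: elevated PowerShell (3.0+) run as the affected user.

$findings = New-Object System.Collections.Generic.List[string]

# 1) Per-user Run values. The logs showed [gcfgd] -> AppData\Roaming\vdmdbgl.dll,
#    [Regedit32] -> regedit.exe and [Remote Registry Service] -> RegServ\regsrv32.exe.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# User-writable roots from which nothing should auto-start (my heuristic).
$userRoots = @($env:USERPROFILE, $env:TEMP, (Join-Path $env:windir 'Temp')) | Where-Object { $_ }
if (Test-Path $runKey) {
    foreach ($prop in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }        # provider metadata, not a Run value
        $cmd = [string]$prop.Value
        # Take the quoted token if present, otherwise the first whitespace-delimited token.
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (-not $exe) { continue }
        $underUserRoot = $userRoots | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
        if ($underUserRoot) {
            $findings.Add("Run value '$($prop.Name)' starts a file from a user-writable path: $cmd")
        } elseif (-not (Test-Path -LiteralPath $exe)) {
            $findings.Add("Run value '$($prop.Name)' points at a missing file: $cmd")
        } elseif ((Split-Path $exe -Leaf) -ieq 'regedit.exe') {
            # Nothing legitimate auto-starts the registry editor at logon.
            $findings.Add("Run value '$($prop.Name)' launches regedit.exe: $cmd")
        }
    }
}

# 2) WinINet proxy: the infection set ProxyEnable=1 and ProxyServer=http=127.0.0.1:60242
#    so that browser traffic passed through a local listener.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match '(127\.0\.0\.1|localhost)') {
    $findings.Add("WinINet proxy still points at the local host: $($inet.ProxyServer)")
}

# 3) Firefox prefs.js: the same local proxy was written into network.proxy.http.
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffProfiles) {
    Get-ChildItem -Path $ffProfiles -Filter prefs.js -Recurse | ForEach-Object {
        $hit = Select-String -Path $_.FullName -Pattern 'network\.proxy\.http"\s*,\s*"(127\.0\.0\.1|localhost)"'
        if ($hit) { $findings.Add("Firefox profile $($_.Directory.Name) still has a local HTTP proxy") }
    }
}

# 4) Removable drives: an Autorun.inf *file* is the worm's launcher, while an
#    Autorun.inf *folder* is the UsbFix vaccine and is expected, so only the file
#    case is flagged. A stray regedit.exe on the stick is what got copied into
#    System32 earlier in this thread.
Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $inf = Join-Path $_.DeviceID 'Autorun.inf'
    if (Test-Path -LiteralPath $inf -PathType Leaf) {
        $findings.Add("Autorun.inf file present on removable drive $($_.DeviceID)")
    }
    $strayRegedit = Join-Path $_.DeviceID 'regedit.exe'
    if (Test-Path -LiteralPath $strayRegedit -PathType Leaf) {
        $findings.Add("regedit.exe copy present on removable drive $($_.DeviceID); do not copy it to System32")
    }
}

# 5) Verify that the regedit.exe now in System32 carries a Microsoft signature.
#    Caveat (assumption): Get-AuthenticodeSignature recognises catalog-signed
#    system files on Windows 8 and later; on Vista/7 a genuine file may report
#    NotSigned, in which case use sfc /scannow instead of trusting this result.
$regedit = Join-Path $env:windir 'System32\regedit.exe'
if (Test-Path -LiteralPath $regedit) {
    $sig = Get-AuthenticodeSignature -FilePath $regedit
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings.Add("regedit.exe signature status: $($sig.Status); confirm with sfc /scannow")
    }
} else {
    $findings.Add("regedit.exe is missing from System32 again")
}

if ($findings.Count -eq 0) { 'No leftover indicators found.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Any FINDING line means the corresponding cleanup step did not hold across the reboot and the log for that item should be posted back for review.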

kodooo
Visitor
Posts: 7
Registered: 20 Feb 2011 14:51

Re: the regedit.exe file gets deleted when the PC is switched on

#8 Post by kodooo »

############################## | UsbFix 7.014 | [Deletion]

User: Miriam (Administrator) # MIRIAM-NTB [ASUSTeK Computer Inc. X51RL]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 17:38:34 | 20/02/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Microsoft® Windows Vista™ Home Premium (6.0.6000 32-Bit) #
Internet Explorer 7.0.6000.17037

Windows Firewall: Disabled /!\
Antivirus: AVG Internet Security 9.0 [Enabled | Updated]
Firewall: AVG Firewall 9.0 [Enabled]
RAM -> 1919 Mb
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (179 Mb free - 77%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 7 Gb (2 Mb free - 27%) [PUBLIC] # FAT32

################## | Files # Infected Folders |

Deleted ! E:\Autorun.inf
Deleted ! E:\regedit.exe

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Regedit32

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{33a4aba6-c5af-11df-9c5f-001fc64cf0fc}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{654ca5cb-3ce6-11e0-bdb4-001fc64cf0fc}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{9731a864-8b29-11df-9f8a-001fc64cf0fc}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c84016b2-fd54-11df-8f3e-001fc64cf0fc}

################## | Listing |

[20/02/2011 - 14:09:23 | HD ] C:\$AVG
[20/02/2011 - 17:40:30 | SHD ] C:\$Recycle.Bin
[18/09/2006 - 22:43:36 | A | 24] C:\autoexec.bat
[26/05/2010 - 15:35:32 | SHD ] C:\Boot
[02/11/2006 - 10:53:57 | RASH | 438840] C:\bootmgr
[26/05/2010 - 15:35:33 | RAS | 8192] C:\BOOTSECT.BAK
[06/02/2011 - 12:39:01 | D ] C:\Casino
[18/09/2006 - 22:43:37 | A | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[27/11/2010 - 22:22:06 | SHD ] C:\found.000
[20/02/2011 - 14:42:11 | ASH | 2012504064] C:\hiberfil.sys
[20/02/2011 - 14:42:09 | ASH | 2326429696] C:\pagefile.sys
[20/02/2011 - 13:20:57 | RD ] C:\Program Files
[20/02/2011 - 13:20:45 | HD ] C:\ProgramData
[27/05/2010 - 06:31:12 | RD ] C:\Programy
[20/02/2011 - 17:39:51 | RSHD ] C:\RECYCLER
[20/02/2011 - 17:20:02 | SHD ] C:\System Volume Information
[20/02/2011 - 17:40:30 | D ] C:\UsbFix
[20/02/2011 - 17:38:36 | A | 2340] C:\UsbFix.txt
[26/05/2010 - 14:52:23 | RD ] C:\Users
[20/02/2011 - 13:29:20 | D ] C:\Windows
[29/02/2008 - 19:11:00 | A | 501751] E:\LOCKv100 (mode 8).pdf
[09/03/2010 - 17:50:38 | A | 1429504] E:\LOCKv2.38.exe
[09/02/2011 - 17:05:32 | A | 733941760] E:\Maximální limit.avi
[05/02/2011 - 09:04:00 | A | 722522112] E:\Muž ve stínu.avi
[12/02/2011 - 18:17:26 | A | 736661504] E:\Záložní plán.avi
[15/02/2011 - 11:40:48 | D ] E:\Cizinec
[27/01/2011 - 18:42:54 | A | 603164672] E:\Štěstí ve hře.avi
[22/01/2011 - 08:54:10 | A | 749498368] E:\Blbec k večeři.avi
[14/01/2011 - 21:18:06 | A | 718200832] E:\Tikot hodin.avi
[01/12/2010 - 17:38:42 | A | 807327168] E:\Chlupatá odplata.avi
[20/02/2011 - 12:53:54 | RSHD ] E:\~System

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_MIRIAM-NTB.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the regedit.exe file gets deleted when the PC is switched on

#9 Post by vyosek »

Right, on to OTL :wink:

kodooo
Visitor
Posts: 7
Registered: 20 Feb 2011 14:51

Re: the regedit.exe file gets deleted when the PC is switched on

#10 Post by kodooo »

All processes killed
========== OTL ==========
HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/ResultsExt.as ... 2475029&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 60242 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\7h0896r2.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gcfgd deleted successfully.
C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
C:\Windows\System32\regedit.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2749248260-4257000846-3406736192-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Remote Registry Service deleted successfully.
C:\Users\Miriam\RegServ\regsrv32.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\Miriam\AppData\Local\1431599.exe moved successfully.
C:\Users\Miriam\AppData\Roaming\10B6.4BF moved successfully.
C:\Users\Miriam\AppData\Roaming\gl67knii11.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\kegj1iEJbH.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\icgNg6Hmhb.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\LH0LEEkfKg.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\GJ6AC1NGjh.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\MlDE06imkg.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\idgGK7ljd7.txt moved successfully.
File C:\Users\Miriam\AppData\Roaming\vdmdbgl.dll not found.
C:\Users\Miriam\AppData\Roaming\nK6Nk.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\hDlkH.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\k6jLC.txt moved successfully.
C:\Users\Miriam\AppData\Roaming\BG0Ai.txt moved successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\Windows\Temp\CR_BC5B.tmp folder moved successfully.
C:\Windows\Temp\CR_E5D6.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Miriam
->Temp folder emptied: 14579611 bytes
->Temporary Internet Files folder emptied: 150530 bytes
->FireFox cache emptied: 59164427 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6059 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 286155 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Miriam
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.20.6 log created on 02202011_174402

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the regedit.exe file gets deleted when the PC is switched on

#11 Post by vyosek »

:arrow: Run OTL again and click CleanUp

:arrow: Run UsbFix again and choose the Uninstall option.

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Update it - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false positives, so paste the log into a post and wait for it to be assessed

kodooo
Visitor
Posts: 7
Registered: 20 Feb 2011 14:51

Re: regedit.exe file is deleted when the PC starts up

#12 Post by kodooo »

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5821

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

20.2.2011 18:52:46
mbam-log-2011-02-20 (18-52-38)d

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 205012
Uplynulý čas: 33 minut, 5 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Value: host -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Value: id -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Miriam\downloads\europasetup_c9d297.exe (PUP.Casino) -> No action taken.
c:\Users\Miriam\downloads\setupcasino_bb0b94_cz.exe (PUP.Casino) -> No action taken.
c:\programdata\common.data (Malware.Trace) -> No action taken.
c:\Users\Miriam\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
c:\Users\Miriam\secupdat.dat (Worm.Autorun) -> No action taken.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: regedit.exe file is deleted when the PC starts up

#13 Post by vyosek »

:arrow: Delete everything that MBAM found

:arrow: How is the PC behaving?
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
