VIRY.CZ

ok, dakujem.
azjtra pridem tak vecer az po praci.

Pak se ozvěte

log z otl:

OTL logfile created on: 4. 1. 2011 22:55:07 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Saga\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,22 Gb Total Space | 6,03 Gb Free Space | 5,62% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,39 Gb Free Space | 69,68% Space Free | Partition Type: NTFS

Computer Name: SAGA-NB | User Name: Saga | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 22:27:16 | 000,910,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/26 19:28:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Saga\Desktop\OTL.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/12/26 19:28:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Saga\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 23:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 23:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/01/20 15:36:42 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/01/20 15:36:12 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/25 17:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-634317434-1714682173-995488421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-634317434-1714682173-995488421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 10 91 65 2C A5 CB 01 [binary data]
IE - HKU\S-1-5-21-634317434-1714682173-995488421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..network.proxy.backup.ftp: "proxy01-15.roburnet.lan"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy01-15.roburnet.lan"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy01-15.roburnet.lan"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy01-15.roburnet.lan"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy-01-15.roburnet.lan"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy-01-15.roburnet.lan"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy-01-15.roburnet.lan"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 192.168.1.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy-01-15.roburnet.lan"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy-01-15.roburnet.lan"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 22:27:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 22:27:42 | 000,000,000 | ---D | M]

[2009/12/22 00:06:20 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\mozilla\Extensions
[2011/01/04 22:53:09 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\mozilla\Firefox\Profiles\egogpyjf.default\extensions
[2009/12/22 00:06:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Saga\AppData\Roaming\mozilla\Firefox\Profiles\egogpyjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/05 17:36:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Saga\AppData\Roaming\mozilla\Firefox\Profiles\egogpyjf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\mozilla\Firefox\Profiles\egogpyjf.default\extensions\firefox@tvunetworks.com
[2010/07/10 23:45:17 | 000,002,393 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\askcom.xml
[2011/01/04 22:38:01 | 000,000,961 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-1.xml
[2008/12/17 12:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-10.xml
[2009/02/06 22:40:02 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-11.xml
[2009/03/10 21:13:52 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-12.xml
[2009/03/12 00:14:10 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-13.xml
[2009/03/29 22:58:52 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-14.xml
[2009/04/23 08:24:42 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-15.xml
[2009/04/28 18:26:16 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-16.xml
[2009/06/25 22:03:24 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-17.xml
[2009/07/28 15:00:20 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-18.xml
[2007/12/08 19:47:52 | 000,000,951 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-2.xml
[2008/02/09 10:07:02 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-3.xml
[2008/03/10 19:51:12 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-4.xml
[2008/10/09 21:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-5.xml
[2008/11/13 22:36:38 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-6.xml
[2008/11/14 10:00:00 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-7.xml
[2008/12/12 21:18:26 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-8.xml
[2008/12/12 23:16:18 | 000,000,950 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin-9.xml
[2008/07/10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\icqplugin.xml
[2009/03/03 20:38:28 | 000,003,915 | ---- | M] () -- C:\Users\Saga\AppData\Roaming\Mozilla\FireFox\Profiles\egogpyjf.default\searchplugins\sweetim.xml
[2011/01/04 22:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 11:29:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 08:00:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/04 22:27:36 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2011/01/04 22:27:36 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2011/01/04 22:27:36 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2011/01/04 22:27:36 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2011/01/04 22:27:36 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2011/01/04 22:27:36 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/12/16 22:55:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 192.168.1.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/02 19:30:39 | 000,000,000 | ---D | C] -- C:\Users\Saga\Desktop\nye fb
[2011/01/02 19:29:11 | 000,000,000 | ---D | C] -- C:\Users\Saga\Desktop\NYE krk
[2010/12/26 19:28:23 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Saga\Desktop\OTL.exe
[2010/12/22 20:30:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010/12/13 22:45:00 | 000,000,000 | ---D | C] -- C:\Users\Saga\Desktop\Virus Removal Tool1
[2010/12/13 22:37:36 | 000,000,000 | ---D | C] -- C:\Users\Saga\Desktop\bootkit_remover
[2010/12/13 21:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/12/13 21:04:12 | 074,815,432 | ---- | C] ( ) -- C:\Users\Saga\Desktop\setup_9.0.0.722_03.09.2010_20-26.exe
[2010/12/12 22:00:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/12 22:00:43 | 000,000,000 | --SD | C] -- C:\beruška.com
[2010/12/12 21:59:43 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/12 11:54:53 | 000,000,000 | ---D | C] -- C:\Users\Saga\AppData\Roaming\Malwarebytes
[2010/12/12 11:54:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/12 11:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/12 11:54:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/12 11:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/12 11:51:53 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Saga\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/11 22:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/12/11 22:31:34 | 000,000,000 | ---D | C] -- C:\Users\Saga\Pavark
[2010/12/11 21:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/12/11 12:32:44 | 000,000,000 | ---D | C] -- C:\Users\Saga\Bluetooth Software
[2010/12/11 12:32:44 | 000,000,000 | ---D | C] -- C:\Users\Saga\Documents\Bluetooth Exchange Folder
[2010/12/11 12:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/12/11 12:24:20 | 000,000,000 | ---D | C] -- C:\Users\Saga\AppData\Roaming\Dell
[2010/12/11 12:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/12/11 12:22:05 | 000,991,232 | ---- | C] (Dell Inc.) -- C:\Windows\System32\BCMLogon.dll
[2010/12/11 12:22:03 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcredist_x86.exe
[2010/12/11 12:22:03 | 000,018,424 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm42rly.sys
[2010/12/11 12:22:02 | 004,145,152 | ---- | C] (Dell Inc.) -- C:\Windows\System32\bcmttls.dll
[2010/12/11 12:22:02 | 000,286,720 | ---- | C] (Dell Inc.) -- C:\Windows\System32\bcmwlu00.exe
[2010/12/11 12:22:01 | 006,369,280 | ---- | C] (Dell Inc.) -- C:\Windows\System32\BCMWLCPL.CPL
[2010/12/11 12:22:01 | 000,065,536 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\wltrynt.dll
[2010/12/11 12:22:00 | 000,163,840 | ---- | C] (Broadcom Corp.) -- C:\Windows\System32\bcmwlapi.dll
[2010/12/11 12:21:59 | 003,829,760 | ---- | C] (Dell Inc.) -- C:\Windows\System32\bcmihvsrv.dll
[2010/12/11 12:21:59 | 003,489,792 | ---- | C] (Dell Inc.) -- C:\Windows\System32\bcmihvui.dll
[2010/12/11 12:21:59 | 001,207,288 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS
[2010/12/11 12:21:59 | 000,087,328 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2010/12/11 12:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/12/11 12:21:37 | 000,000,000 | ---D | C] -- C:\Users\Saga\AppData\Roaming\InstallShield
[2010/12/11 09:01:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/11 08:58:40 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/12/11 08:58:39 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/12/11 08:58:38 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/12/11 08:58:36 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/12/11 08:58:34 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/12/11 08:58:21 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/11 08:58:20 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Users\Saga\Desktop\*.tmp files -> C:\Users\Saga\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/04 22:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/04 22:49:46 | 1609,072,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/04 22:32:27 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/04 22:32:27 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/02 22:03:08 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/26 19:28:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Saga\Desktop\OTL.exe
[2010/12/22 20:29:48 | 000,339,991 | ---- | M] () -- C:\Users\Saga\Desktop\RSIT.exe
[2010/12/22 19:34:47 | 000,015,082 | ---- | M] () -- C:\Users\Saga\Desktop\[isoHunt] Home Alone 2 [DVDRip][Eng][1992][BugzBunny].torrent
[2010/12/22 01:16:06 | 000,013,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 01:16:06 | 000,013,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 10:54:15 | 000,014,870 | ---- | M] () -- C:\Users\Saga\Desktop\[isoHunt] Eat Pray Love.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
[2010/12/19 10:39:56 | 000,016,646 | ---- | M] () -- C:\Users\Saga\Desktop\[isoHunt] INGLORIOUS BASTARDS 2009_DVDRIP_KNIGHT RIDERS RELEASE_XVID.avi.torrent
[2010/12/16 22:55:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/16 22:42:12 | 000,157,030 | ---- | M] () -- C:\Users\Saga\Desktop\Bez názvu.png
[2010/12/13 22:43:33 | 000,039,605 | ---- | M] () -- C:\Users\Saga\Desktop\bootkit_remover.rar
[2010/12/13 21:07:09 | 074,815,432 | ---- | M] ( ) -- C:\Users\Saga\Desktop\setup_9.0.0.722_03.09.2010_20-26.exe
[2010/12/13 19:12:28 | 353,628,845 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/12 21:59:33 | 003,988,679 | R--- | M] () -- C:\Users\Saga\Desktop\beruška.com.exe
[2010/12/12 11:52:11 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Saga\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/11 22:30:28 | 000,311,591 | ---- | M] () -- C:\Users\Saga\Desktop\AntiRootkit.zip
[2010/12/11 21:13:26 | 001,372,818 | ---- | M] () -- C:\Users\Saga\Desktop\sar_15_sfx.rar
[2010/12/11 16:06:16 | 000,014,529 | ---- | M] () -- C:\Users\Saga\Desktop\39795BC0A7C6272339485DD9B2AE97458E654ECF.torrent
[2010/12/11 12:27:54 | 046,149,072 | ---- | M] () -- C:\Users\Saga\Desktop\R140135.exe
[2010/12/11 12:22:54 | 000,772,936 | ---- | M] () -- C:\Windows\System32\oem9.inf
[2010/12/11 12:20:14 | 060,833,624 | ---- | M] () -- C:\Users\Saga\Desktop\R209077.exe
[2010/12/11 08:58:41 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/11 08:58:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/12/11 08:54:41 | 052,150,856 | ---- | M] () -- C:\Users\Saga\Desktop\setup_av_free.exe
[1 C:\Users\Saga\Desktop\*.tmp files -> C:\Users\Saga\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/22 20:29:45 | 000,339,991 | ---- | C] () -- C:\Users\Saga\Desktop\RSIT.exe
[2010/12/22 19:34:41 | 000,015,082 | ---- | C] () -- C:\Users\Saga\Desktop\[isoHunt] Home Alone 2 [DVDRip][Eng][1992][BugzBunny].torrent
[2010/12/19 10:54:14 | 000,014,870 | ---- | C] () -- C:\Users\Saga\Desktop\[isoHunt] Eat Pray Love.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
[2010/12/19 10:39:52 | 000,016,646 | ---- | C] () -- C:\Users\Saga\Desktop\[isoHunt] INGLORIOUS BASTARDS 2009_DVDRIP_KNIGHT RIDERS RELEASE_XVID.avi.torrent
[2010/12/16 22:42:11 | 000,157,030 | ---- | C] () -- C:\Users\Saga\Desktop\Bez názvu.png
[2010/12/13 22:37:30 | 000,039,605 | ---- | C] () -- C:\Users\Saga\Desktop\bootkit_remover.rar
[2010/12/12 22:15:57 | 353,628,845 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/12 21:59:01 | 003,988,679 | R--- | C] () -- C:\Users\Saga\Desktop\beruška.com.exe
[2010/12/12 11:54:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/12 11:21:58 | 000,000,392 | ---- | C] () -- C:\Program Files\lvzqx.txt
[2010/12/11 22:30:24 | 000,311,591 | ---- | C] () -- C:\Users\Saga\Desktop\AntiRootkit.zip
[2010/12/11 21:13:25 | 001,372,818 | ---- | C] () -- C:\Users\Saga\Desktop\sar_15_sfx.rar
[2010/12/11 16:06:13 | 000,014,529 | ---- | C] () -- C:\Users\Saga\Desktop\39795BC0A7C6272339485DD9B2AE97458E654ECF.torrent
[2010/12/11 12:26:54 | 046,149,072 | ---- | C] () -- C:\Users\Saga\Desktop\R140135.exe
[2010/12/11 12:23:18 | 000,772,936 | ---- | C] () -- C:\Windows\System32\oem9.inf
[2010/12/11 12:22:03 | 000,001,591 | ---- | C] () -- C:\Windows\System32\Uninst_EAPModules.bat
[2010/12/11 12:22:03 | 000,000,416 | ---- | C] () -- C:\Windows\System32\vcredist_x86.bat
[2010/12/11 12:22:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010/12/11 12:22:00 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010/12/11 12:13:36 | 060,833,624 | ---- | C] () -- C:\Users\Saga\Desktop\R209077.exe
[2010/12/11 08:58:41 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/11 08:54:02 | 052,150,856 | ---- | C] () -- C:\Users\Saga\Desktop\setup_av_free.exe
[2010/12/04 08:31:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/12 16:49:04 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/07/12 16:49:04 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/07/12 16:49:04 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/07/12 16:45:45 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/07/12 16:45:45 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/07/04 21:43:22 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/07/04 20:50:31 | 000,000,225 | ---- | C] () -- C:\Users\Saga\AppData\Roaming\burnaware.ini
[2009/12/23 18:39:40 | 000,010,240 | ---- | C] () -- C:\Users\Saga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2009/07/14 00:24:44 | 000,003,584 | ---- | C] () -- C:\Windows\System32\kb.dll

========== LOP Check ==========

[2010/12/23 00:52:36 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\BitTorrent
[2010/07/04 21:43:46 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Canneverbe Limited
[2010/12/11 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\COWON
[2010/10/27 08:13:43 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\ICQ
[2010/01/12 11:25:04 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\OpenOffice.org
[2009/12/22 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\TeamViewer
[2010/08/25 07:49:31 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/01/18 11:22:28 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Adobe
[2010/12/23 00:52:36 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\BitTorrent
[2010/07/04 21:43:46 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Canneverbe Limited
[2010/12/11 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\COWON
[2010/12/11 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Dell
[2009/12/22 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Digsby
[2010/05/18 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\dvdcss
[2010/10/27 08:13:43 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\ICQ
[2009/12/21 23:57:20 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Identities
[2010/12/11 12:21:37 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\InstallShield
[2009/12/22 18:11:58 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Macromedia
[2010/12/12 11:54:53 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Malwarebytes
[2009/07/14 08:49:10 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Media Center Programs
[2010/12/04 19:09:44 | 000,000,000 | --SD | M] -- C:\Users\Saga\AppData\Roaming\Microsoft
[2009/12/22 00:06:20 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Mozilla
[2010/01/12 11:25:04 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\OpenOffice.org
[2010/12/10 20:56:07 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\Skype
[2010/12/10 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\skypePM
[2009/12/22 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\TeamViewer
[2010/12/27 22:43:46 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\vlc
[2009/12/22 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\Saga\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=6CE102617EE8D83DE17A6FDE1554560C -- C:\Windows\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:16:17 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\kb.dll
[2009/07/14 02:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:16:17 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\kb.dll
[2009/07/14 02:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011/01/04 22:32:27 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/04 22:32:27 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/04 22:32:27 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

< End of report >

AVPtool něco smazal, opravil?

Otestujte prosím na www.virustotal.com
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

Vyměníme ho zítra, už jdu do hajan

akurat davam sken gmerom, ale uz dlhsie nevydzim byt hore

tak ho sem supnem zajtra, asi az takto vecer, lebo mmt. musim riesit nehrejuci radiator

Inak vyzera to tak, ze ani tym kasperskzm sa to neodstranilo

Já Vám ten explorer vyměním, horší je, že OTL ten napadnutý nedetekovalo

, takže ted budeme hledat čistý, napadený a podobně

.
Já tu bývám vždycky večer asi mezi 21-23. hodinou

gmer log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-05 07:23:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1237GSX rev.DL140D
Running: gmer.exe; Driver: C:\Users\Saga\AppData\Local\Temp\kxrdypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 820975C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820BC052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[340] WS2_32.dll!closesocket 758F3BED 5 Bytes JMP 000660E7
.text C:\Program Files\Mozilla Firefox\firefox.exe[340] WS2_32.dll!recv 758F47DF 5 Bytes JMP 00065CE2
.text C:\Program Files\Mozilla Firefox\firefox.exe[340] WS2_32.dll!WSASend 758F68A7 5 Bytes JMP 00065DBD
.text C:\Program Files\Mozilla Firefox\firefox.exe[340] WS2_32.dll!WSARecv 758FC29F 5 Bytes JMP 00065E6C
.text C:\Program Files\Mozilla Firefox\firefox.exe[340] WS2_32.dll!send 758FC4C8 5 Bytes JMP 00065C6F
.text C:\Program Files\Mozilla Firefox\firefox.exe[340] WS2_32.dll!gethostbyname 75907133 5 Bytes JMP 000663C8
.text C:\Windows\Explorer.EXE[1364] Explorer.EXE 005F317E 2 Bytes [0C, 16] {OR AL, 0x16}
.text C:\Windows\Explorer.EXE[1364] Explorer.EXE 005F3190 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\Windows\Explorer.EXE[1364] kernel32.dll!CreateProcessInternalW 75FB42CE 5 Bytes JMP 00137207
.text C:\Windows\explorer.exe[1656] explorer.exe 005F317E 2 Bytes [0C, 16] {OR AL, 0x16}
.text C:\Windows\explorer.exe[1656] explorer.exe 005F3190 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\Windows\explorer.exe[1656] kernel32.dll!CreateProcessInternalW 75FB42CE 5 Bytes JMP 001C7207

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 92C90130

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197ed91eec
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197ed91eec (not active ControlSet)

---- EOF - GMER 1.0.15 ----

este prvy sken cez gmer:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-05 19:39:30
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1237GSX rev.DL140D
Running: gmer.exe; Driver: C:\Users\Saga\AppData\Local\Temp\kxrdypow.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D8C5BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8D8C59D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8D8C5B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

vadi, ze som ten prvy co som sem vkladala, robila vcera, a tento dnes?

Nevadí, gmery jsou ok.

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- uložte ho na plochu a spustte.
- do okénka zkopírujte

Kód: Vybrat vše

:filefind
explorer.exe

- klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem

tie dva subory som davala testovat na virustotal ale nic nenaslo.

SystemLook 04.09.10 by jpshortstuff
Log created at 20:00 on 05/01/2011 by Saga
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2614272 bytes [18:01 27/01/2010] [05:45 31/10/2009] 6CE102617EE8D83DE17A6FDE1554560C
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe --a---- 2613248 bytes [16:05 22/12/2009] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe --a---- 2614272 bytes [18:01 27/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe --a---- 2613248 bytes [16:05 22/12/2009] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe --a---- 2614272 bytes [18:01 27/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917

-= EOF =-

Můžete mi prosím ještě otestovat tyto dva soubory? něco se mi nezdá

ktore subory?

tie co ste vyssie pisali, som uy testovala, nic nenaslo...alebo nejake ien?

Ty co jsme psala nahoře..asi sjem přehlédla, že jste to psala

.
děkuji, dejte mi pár minut, jdu smolit skript na výměnu

VIRY.CZ

Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys

Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys