VIRY.CZ

Dobrý den
Od včerejška mám problém a to že na vše musím několikrát kliknou než se něco otevře.
Mám avas a ten našel nějaké viry a odstranil je, dále jsem použil Dr.Web a ten taky něco našel ake jeho rychlos skenování je zoufalá 4kb/s tak jsem sken předčasně ukončil. Při pokusu spustit HijackThist to vyhodí hlášku "Z nějakého důvodu vám systém odepřel přístup pro zápis do souboru Hosts." tak jsem spustil HijackThist jako správce a objevila se mi hláška že HijackThist je už spuštěn ale nikde jsem ho spuštěn nenašel a ani ve správci úloh nebyl nikde vidět.
Mám Windows 7 64b.
Za veškeré rady předem děkuji.

Sken z HijackThist ale nevím jestli je úplný.

Logfile of HijackThis v1.99.1
Scan saved at 12:08:09, on 28.9.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
D:\Prace\Programy\kontrola pc\HijackThis.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Jak tady v mezičase pročítám web, tak ten sken asi nebude úplný.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Dobrý den
jsem velice rád že jste se mě ujala mám s vámi jen ty nejlepší zkušenosti.
Jinak jak jsem psal výše tak ten sken není ok , protože jsem použil HijackThist pro xp který jsem měl ve své sbírce programu. Jelikož jsem pořídil nový notebook a v něm mám windows 7 64b tak jsem se zde na webu dočetl, že musím použít jiný HijackThist. Takže zde dávám nový sken na který jsem se chtěl podívat na stránkách http://www.hijackthis.de/ ale bohužel nic se po dlouhém načítání nezobrazilo.

Logfile of random's system information tool 1.08 (written by random/random)
Run by pater at 2010-09-29 16:42:12
Microsoft Windows 7 Professional
System drive C: has 147 GB (62%) free of 237 GB
Total RAM: 3957 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:22, on 29.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\pater.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Xacti LLC - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10335 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
taskeng.exe {2F738C17-3566-4402-AD8E-926221D6AED4}
"C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\MagicDisc\MagicDisc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
ctfmon.exe
"taskhost.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3848 CREDAT:71937
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -Embedding
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"
C:\Windows\splwow64.exe 1
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3848 CREDAT:6408
"D:\Prace\Programy\kontrola pc\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Final Media Player Update Checker.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-24 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll [2010-09-17 317496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-24 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-24 371888]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-24 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2010-02-10 16413288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"ISUSPM Startup"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-24 39408]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-09-28 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-24 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

C:\Users\pater\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-28 16:56:56 ----D---- C:\Users\pater\AppData\Roaming\Spyware Terminator
2010-09-28 16:56:54 ----D---- C:\ProgramData\Spyware Terminator
2010-09-28 16:56:54 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-09-28 13:43:39 ----D---- C:\Program Files\trend micro
2010-09-28 13:43:36 ----D---- C:\rsit
2010-09-27 18:47:10 ----A---- C:\Users\pater\AppData\Roaming\ispro3_0.tmp
2010-09-21 23:47:53 ----D---- C:\Program Files (x86)\jv16 PowerTools 2009
2010-09-19 16:50:15 ----D---- C:\Users\pater\AppData\Roaming\IcoFX
2010-09-19 16:50:13 ----D---- C:\Program Files (x86)\IcoFX 1.6
2010-09-18 06:48:43 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2010-09-18 06:48:43 ----A---- C:\Windows\SYSWOW64\mfreadwrite.dll
2010-09-18 06:48:43 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-09-18 06:48:43 ----A---- C:\Windows\system32\mfps.dll
2010-09-18 06:48:42 ----A---- C:\Windows\SYSWOW64\mf.dll
2010-09-18 06:48:42 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-09-18 06:48:42 ----A---- C:\Windows\system32\mf.dll
2010-09-18 06:48:08 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2010-09-18 06:48:08 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2010-09-18 06:48:08 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2010-09-18 06:48:08 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2010-09-18 06:48:08 ----A---- C:\Windows\system32\FntCache.dll
2010-09-18 06:48:08 ----A---- C:\Windows\system32\DWrite.dll
2010-09-18 06:48:08 ----A---- C:\Windows\system32\d3d10warp.dll
2010-09-18 06:48:08 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-09-18 06:48:08 ----A---- C:\Windows\system32\d2d1.dll
2010-09-18 06:47:36 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2010-09-18 06:47:36 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2010-09-18 06:47:36 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-09-18 06:47:36 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-09-18 06:46:57 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2010-09-18 06:46:57 ----A---- C:\Windows\system32\ExplorerFrame.dll
2010-09-18 06:46:30 ----D---- C:\Program Files (x86)\Feedback Tool
2010-09-15 08:20:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-09-15 08:20:20 ----A---- C:\Windows\system32\iertutil.dll
2010-09-15 07:44:40 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-14 19:30:03 ----D---- C:\Users\pater\AppData\Roaming\KASTNER software
2010-09-09 20:14:46 ----D---- C:\Program Files (x86)\GIF to AVI SWF Converter
2010-09-09 18:03:25 ----D---- C:\Program Files (x86)\ScreenShots
2010-09-09 09:50:20 ----D---- C:\Program Files (x86)\Emicsoft Studio
2010-09-08 14:24:41 ----A---- C:\Windows\SYSWOW64\pvmjpg30.dll
2010-09-08 14:24:40 ----A---- C:\Windows\SYSWOW64\msxml4a.dll
2010-09-08 14:24:40 ----A---- C:\Windows\SYSWOW64\GDIPLUS.DLL
2010-09-08 14:24:11 ----N---- C:\Windows\SYSWOW64\RALMain.dll
2010-09-08 14:24:11 ----N---- C:\Windows\SYSWOW64\MMAviAx.dll
2010-09-08 14:24:11 ----N---- C:\Windows\SYSWOW64\MLPagAx.dll
2010-09-08 14:24:11 ----N---- C:\Windows\SYSWOW64\DiskIO.dll
2010-09-08 14:24:11 ----N---- C:\Windows\SYSWOW64\AVIPrAx.dll
2010-09-08 14:24:11 ----A---- C:\Windows\SYSWOW64\cacheX.dll
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\Ltwvc13n.dll
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\Ltrio13n.dll
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\Ltr13n.dll
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\ltkrn13n.dll
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\ltfil13n.DLL
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\LTCLR13s.dll
2010-09-08 14:24:09 ----N---- C:\Windows\SYSWOW64\LTCLR13n.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\LMUIRes.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\LMLRes.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\lftga13s.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\lftga13n.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\lfpsd13s.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\LFCMP13s.DLL
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\LFCMP13n.DLL
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\lfbmp13s.dll
2010-09-08 14:24:08 ----N---- C:\Windows\SYSWOW64\lfbmp13n.dll
2010-09-08 14:21:56 ----A---- C:\Windows\SYSWOW64\ATL70.DLL
2010-09-08 14:21:56 ----A---- C:\AUTOEXEC.BAT
2010-09-08 14:21:55 ----A---- C:\Windows\SYSWOW64\mase32.dll
2010-09-08 14:21:55 ----A---- C:\Windows\SYSWOW64\masd32.dll
2010-09-08 14:21:55 ----A---- C:\Windows\SYSWOW64\mamc32.dll
2010-09-08 14:21:55 ----A---- C:\Windows\SYSWOW64\macd32.dll
2010-09-08 14:21:55 ----A---- C:\Windows\SYSWOW64\ma32.dll
2010-09-08 14:19:25 ----A---- C:\Windows\SYSWOW64\drivers\Pclepci.sys
2010-09-08 14:19:17 ----A---- C:\Windows\RSETPATH.exe
2010-09-08 14:18:47 ----A---- C:\Windows\SYSWOW64\PCLEGetGuid.dll
2010-09-08 14:18:47 ----A---- C:\Windows\SYSWOW64\MSVCR70.DLL
2010-09-08 14:18:47 ----A---- C:\Windows\SYSWOW64\MSVCP70.DLL
2010-09-08 14:18:47 ----A---- C:\Windows\SYSWOW64\MSVCI70.DLL
2010-09-08 14:18:47 ----A---- C:\Windows\SYSWOW64\MFC70U.DLL
2010-09-08 14:18:47 ----A---- C:\Windows\SYSWOW64\MFC70.DLL
2010-09-08 14:17:17 ----D---- C:\ProgramData\Pinnacle Studio
2010-09-08 14:16:29 ----D---- C:\Users\pater\AppData\Roaming\InstallShield
2010-09-08 14:15:11 ----D---- C:\Program Files (x86)\Pinnacle
2010-09-08 11:58:22 ----D---- C:\ProgramData\Pinnacle
2010-09-07 11:54:45 ----SHD---- C:\Windows\SYSWOW64\%APPDATA%
2010-09-06 19:16:18 ----ASH---- C:\pagefile.sys
2010-09-06 15:48:59 ----D---- C:\Users\pater\AppData\Roaming\skypePM
2010-09-06 15:48:11 ----D---- C:\Users\pater\AppData\Roaming\Skype
2010-09-06 15:47:42 ----RD---- C:\Program Files (x86)\Skype
2010-09-06 15:47:39 ----D---- C:\ProgramData\Skype
2010-09-04 23:36:26 ----D---- C:\Program Files\Common Files\Logitech
2010-09-04 23:23:44 ----D---- C:\Users\pater\AppData\Roaming\Hamachi
2010-09-04 23:23:13 ----A---- C:\Windows\system32\drivers\hamachi.sys
2010-09-04 23:23:12 ----D---- C:\Program Files (x86)\Hamachi
2010-09-04 22:10:25 ----D---- C:\ProgramData\Trymedia
2010-09-04 21:56:47 ----D---- C:\Program Files (x86)\rFactor
2010-08-30 21:01:31 ----D---- C:\Program Files (x86)\Artisteer 2

======List of files/folders modified in the last 1 months======

2010-09-29 16:42:22 ----D---- C:\Windows\Prefetch
2010-09-29 16:42:17 ----D---- C:\Windows\Temp
2010-09-29 16:33:19 ----D---- C:\Windows\system32\config
2010-09-29 16:25:11 ----SHD---- C:\Windows\Installer
2010-09-29 16:25:07 ----D---- C:\ProgramData\Microsoft Help
2010-09-29 16:23:15 ----D---- C:\Windows\system32\catroot2
2010-09-29 16:23:15 ----D---- C:\Windows\system32\catroot
2010-09-29 16:23:12 ----D---- C:\Windows\winsxs
2010-09-29 04:55:14 ----SHD---- C:\System Volume Information
2010-09-28 20:54:57 ----D---- C:\Windows\system32\drivers
2010-09-28 20:41:27 ----D---- C:\Windows\System32
2010-09-28 20:41:27 ----D---- C:\Windows\inf
2010-09-28 20:41:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-28 16:56:54 ----RD---- C:\Program Files (x86)
2010-09-28 16:56:54 ----HD---- C:\ProgramData
2010-09-28 14:27:35 ----D---- C:\Windows\Tasks
2010-09-28 14:27:35 ----D---- C:\Windows\system32\wfp
2010-09-28 14:27:33 ----D---- C:\Windows\system32\wbem
2010-09-28 14:27:33 ----AD---- C:\Windows
2010-09-28 14:26:45 ----D---- C:\Windows\system32\DriverStore
2010-09-28 14:26:45 ----D---- C:\Windows\system32\drivers\etc
2010-09-28 14:26:44 ----D---- C:\Windows\AppCompat
2010-09-28 14:26:44 ----D---- C:\Users\pater\AppData\Roaming\PSpad
2010-09-28 14:26:44 ----D---- C:\Users\pater\AppData\Roaming\GHISLER
2010-09-28 14:26:44 ----D---- C:\Users\pater\AppData\Roaming\FinalMediaPlayer
2010-09-28 14:26:44 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-09-28 14:26:43 ----D---- C:\Program Files (x86)\PSPad editor
2010-09-28 14:26:42 ----D---- C:\Windows\registration
2010-09-28 14:26:24 ----D---- C:\Windows\system32\Tasks
2010-09-28 14:26:14 ----RD---- C:\Program Files
2010-09-22 19:09:18 ----D---- C:\Users\pater\AppData\Roaming\App Launcher Gadget
2010-09-22 17:13:33 ----D---- C:\Windows\rescache
2010-09-22 16:28:19 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-09-21 23:37:42 ----D---- C:\Windows\debug
2010-09-21 22:41:14 ----D---- C:\Windows\SYSWOW64\migration
2010-09-21 22:41:14 ----D---- C:\Windows\SYSWOW64\en-US
2010-09-21 22:41:14 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-09-21 22:41:14 ----D---- C:\Windows\SysWOW64
2010-09-21 22:41:14 ----D---- C:\Windows\system32\migration
2010-09-21 22:41:14 ----D---- C:\Windows\system32\en-US
2010-09-21 22:41:14 ----D---- C:\Windows\system32\cs-CZ
2010-09-21 22:41:14 ----D---- C:\Windows\PolicyDefinitions
2010-09-21 22:41:14 ----D---- C:\Program Files\Internet Explorer
2010-09-21 22:41:13 ----D---- C:\Program Files (x86)\Internet Explorer
2010-09-21 21:29:37 ----D---- C:\Program Files\Windows Portable Devices
2010-09-21 21:29:37 ----D---- C:\Program Files (x86)\Windows Portable Devices
2010-09-21 21:27:57 ----D---- C:\Windows\SYSWOW64\Macromed
2010-09-21 21:27:55 ----D---- C:\Windows\system32\CodeIntegrity
2010-09-21 21:27:46 ----D---- C:\ProgramData\InstallShield
2010-09-21 21:27:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-21 21:27:45 ----D---- C:\Program Files (x86)\Common Files
2010-09-21 21:27:44 ----D---- C:\Program Files (x86)\Adobe
2010-09-21 19:49:44 ----D---- C:\Windows\system32\LogFiles
2010-09-21 06:07:29 ----D---- C:\ProgramData\Adobe
2010-09-18 06:46:00 ----D---- C:\Windows\SoftwareDistribution
2010-09-18 06:45:59 ----D---- C:\Windows\Logs
2010-09-15 11:51:08 ----D---- C:\Windows\Microsoft.NET
2010-09-15 11:51:07 ----RSD---- C:\Windows\assembly
2010-09-15 08:31:17 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-09-15 08:20:57 ----A---- C:\Windows\system32\MRT.exe
2010-09-14 06:36:25 ----SD---- C:\Users\pater\AppData\Roaming\Microsoft
2010-09-10 12:07:50 ----D---- C:\Windows\SYSWOW64\config
2010-09-10 12:04:15 ----D---- C:\Windows\system32\NDF
2010-09-09 18:06:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-09 16:45:43 ----D---- C:\Windows\Downloaded Program Files
2010-09-09 11:51:36 ----D---- C:\ProgramData\Macromedia
2010-09-08 14:24:13 ----RSD---- C:\Windows\Fonts
2010-09-08 14:19:25 ----D---- C:\Windows\SYSWOW64\drivers
2010-09-08 12:32:40 ----D---- C:\Program Files (x86)\Zoner
2010-09-07 19:07:45 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-09-07 17:11:54 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-09-05 21:01:28 ----D---- C:\Program Files (x86)\CCleaner
2010-09-04 23:36:26 ----D---- C:\Program Files\Logitech
2010-09-04 23:36:26 ----D---- C:\Program Files\Common Files
2010-09-04 21:21:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-09-04 21:21:19 ----D---- C:\Users\pater\AppData\Roaming\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-25 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys [2009-05-28 13824]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-06-10 1605632]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-09-04 33344]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S3 aqkqx4z7;aqkqx4z7; C:\Windows\system32\drivers\aqkqx4z7.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 36936]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-02-10 392296]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-08-05 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-09-28 1033255]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [2005-02-09 14165]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-24 182768]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2010-07-24 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]

-----------------EOF-----------------

a protože máte 64b systém, na kterém Rsit nejede uplně korektně a combofix vůbec, tak bych poprosila o log z OTL, viz výše

a o mbam

Jdu na to

Takže tady to je.

OTL Extras logfile created on: 29.9.2010 17:30:17 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\pater\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,29 Gb Total Space | 143,84 Gb Free Space | 62,19% Space Free | Partition Type: NTFS
Drive D: | 234,37 Gb Total Space | 201,56 Gb Free Space | 86,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEMON
Current User Name: pater
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.4 - Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}" = CZ
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Artisteer 2" = Artisteer 2
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EasyPHP_is1" = EasyPHP 1.8
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FinalMediaPlayer_is1" = Final Media Player 2010
"Hamachi" = Hamachi 1.0.3.0
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Morphyre" = Morphyre
"Mozilla Firefox (2.0.0.12)" = Mozilla Firefox (2.0.0.12)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"PSPad editor_is1" = PSPad editor
"rFactor" = rFactor (remove only)
"Spyware Terminator_is1" = Spyware Terminator
"Totalcmd" = Total Commander (Remove or Repair)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.43
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1394808611-132047784-1634663889-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"207s2000 1.0 for rFactor" = 207s2000 1.0 for rFactor
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.9.2010 8:44:21 | Computer Name = Demon | Source = MsiInstaller | ID = 10005
Description =

Error - 27.9.2010 8:46:25 | Computer Name = Demon | Source = MsiInstaller | ID = 10005
Description =

Error - 27.9.2010 8:48:43 | Computer Name = Demon | Source = MsiInstaller | ID = 10005
Description =

Error - 27.9.2010 12:59:51 | Computer Name = Demon | Source = MsiInstaller | ID = 10005
Description =

Error - 27.9.2010 13:01:16 | Computer Name = Demon | Source = MsiInstaller | ID = 10005
Description =

Error - 27.9.2010 21:38:47 | Computer Name = Demon | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 28.9.2010 2:47:22 | Computer Name = Demon | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary DrWeb Protection.

System
Error: Systém nemůže nalézt uvedený soubor. .

Error - 28.9.2010 8:24:58 | Computer Name = Demon | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary DrWeb Protection.

System
Error: Systém nemůže nalézt uvedený soubor. .

Error - 28.9.2010 22:52:26 | Computer Name = Demon | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 29.9.2010 11:30:45 | Computer Name = Demon | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary DrWeb Protection.

System
Error: Systém nemůže nalézt uvedený soubor. .

[ Media Center Events ]
Error - 4.9.2010 10:10:57 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 16:10:57 - Chyba při připojování k Internetu 16:10:57 - Nelze kontaktovat
server..

Error - 4.9.2010 10:11:06 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 16:11:03 - Chyba při připojování k Internetu 16:11:03 - Nelze kontaktovat
server..

Error - 18.9.2010 22:11:13 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 4:11:13 - Chyba při připojování k Internetu 4:11:13 - Nelze kontaktovat
server..

Error - 18.9.2010 22:11:22 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 4:11:18 - Chyba při připojování k Internetu 4:11:18 - Nelze kontaktovat
server..

Error - 18.9.2010 23:11:40 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 5:11:40 - Chyba při připojování k Internetu 5:11:40 - Nelze kontaktovat
server..

Error - 18.9.2010 23:11:46 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 5:11:45 - Chyba při připojování k Internetu 5:11:45 - Nelze kontaktovat
server..

Error - 19.9.2010 0:12:04 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 6:12:04 - Chyba při připojování k Internetu 6:12:04 - Nelze kontaktovat
server..

Error - 19.9.2010 0:12:10 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 6:12:09 - Chyba při připojování k Internetu 6:12:09 - Nelze kontaktovat
server..

Error - 19.9.2010 1:12:28 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 7:12:28 - Chyba při připojování k Internetu 7:12:28 - Nelze kontaktovat
server..

Error - 19.9.2010 1:12:34 | Computer Name = Demon | Source = MCUpdate | ID = 0
Description = 7:12:33 - Chyba při připojování k Internetu 7:12:33 - Nelze kontaktovat
server..

[ System Events ]
Error - 21.9.2010 13:31:48 | Computer Name = Demon | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21.9.2010 15:23:03 | Computer Name = Demon | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21.9.2010 15:34:02 | Computer Name = Demon | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.

Error - 26.9.2010 10:00:06 | Computer Name = Demon | Source = volsnap | ID = 393245
Description = Stínové kopie svazku F: byly přerušeny během rozpoznávání.

Error - 27.9.2010 9:31:08 | Computer Name = Demon | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error - 27.9.2010 9:31:09 | Computer Name = Demon | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error - 27.9.2010 9:31:10 | Computer Name = Demon | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error - 27.9.2010 9:31:10 | Computer Name = Demon | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error - 28.9.2010 8:23:37 | Computer Name = Demon | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 28.9.2010 8:32:17 | Computer Name = Demon | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.

< End of report >

a tady je další

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4716

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.9.2010 18:12:49
mbam-log-2010-09-29 (18-12-49).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 312319
Uplynulý čas: 28 minuta(y), 56 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Mrkněte ještě po tomto logu

OTL.Txt, bude ve složce OTL

Tak jsem ten soubor našel a byl ve složce C:\Users\uživatel\Desktop

Při pokusu ho sem dosta to píše "Vaše zpráva obsahuje 76466 znaků. Maximální povolený počet znaků je 60000."
Tak ho rozdělím.

OTL logfile created on: 29.9.2010 17:30:17 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\pater\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,29 Gb Total Space | 143,84 Gb Free Space | 62,19% Space Free | Partition Type: NTFS
Drive D: | 234,37 Gb Total Space | 201,56 Gb Free Space | 86,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEMON
Current User Name: pater
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.29 17:26:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pater\Desktop\OTL.exe
PRC - [2010.09.28 16:56:57 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.09.09 16:47:56 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.08.05 16:59:46 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.07.24 09:36:57 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010.07.24 09:12:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.07.11 00:54:32 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009.10.13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2005.08.11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2010.09.29 17:26:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pater\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.09.28 16:56:57 | 001,033,255 | ---- | M] (Xacti LLC) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.08.05 16:59:46 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.07.24 11:42:51 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.09.07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.09.04 23:23:13 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.08.25 16:05:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010.06.10 11:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.12.30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.09.28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 15:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 4A E1 D6 87 2A CB 01 [binary data]
IE - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.04 21:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.04 21:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.22 16:28:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.07.23 22:13:53 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Mozilla\Extensions
[2010.07.23 22:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pater\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.31 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Mozilla\Firefox\Profiles\0o7oxozv.default\extensions
[2010.09.04 21:21:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.09.04 21:21:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.02.02 12:19:57 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\jar50.dll
[2008.02.02 12:19:57 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\jsd3250.dll
[2008.02.02 12:19:57 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\myspell.dll
[2008.02.02 12:19:57 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\spellchk.dll
[2008.02.02 12:19:57 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\xpinstal.dll
[2006.06.04 22:11:07 | 000,001,118 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\centrum-cz.xml
[2006.06.04 22:11:07 | 000,000,661 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2006.06.04 22:11:07 | 000,001,674 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2006.08.25 17:16:33 | 000,001,302 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2006.06.04 22:11:07 | 000,000,765 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml

O1 HOSTS File: ([2010.09.07 08:32:31 | 000,417,891 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14417 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1394808611-132047784-1634663889-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1394808611-132047784-1634663889-1000..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1394808611-132047784-1634663889-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1394808611-132047784-1634663889-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-21-1394808611-132047784-1634663889-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\pater\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8:64bit: - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.09 18:08:04 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.11.27 15:40:12 | 000,345,360 | R--- | M] (Valve Corporation) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.23 19:20:23 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{faec843e-b051-11df-b7d6-b482fe381f3d}\Shell - "" = AutoRun
O33 - MountPoints2\{faec843e-b051-11df-b7d6-b482fe381f3d}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - vdrcodec.dll File not found
Drivers32: VIDC.MJPG - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.09.29 17:26:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pater\Desktop\OTL.exe
[2010.09.28 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\Spyware Terminator
[2010.09.28 16:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.09.28 16:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2010.09.28 13:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.28 13:43:36 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.28 01:06:07 | 000,000,000 | ---D | C] -- C:\Users\pater\DoctorWeb
[2010.09.27 18:47:11 | 000,000,000 | ---D | C] -- C:\Users\pater\Application Data
[2010.09.21 23:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2009
[2010.09.21 22:15:03 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Users\pater\Desktop\iertutil.dll
[2010.09.19 16:50:15 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\IcoFX
[2010.09.19 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IcoFX 1.6
[2010.09.19 04:33:42 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\Corel User Files
[2010.09.18 06:48:43 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010.09.18 06:48:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010.09.18 06:48:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010.09.18 06:48:43 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010.09.18 06:48:42 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010.09.18 06:48:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010.09.18 06:48:42 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010.09.18 06:48:08 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010.09.18 06:48:08 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010.09.18 06:48:08 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010.09.18 06:48:08 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010.09.18 06:48:08 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010.09.18 06:48:08 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010.09.18 06:48:08 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010.09.18 06:48:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010.09.18 06:47:36 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010.09.18 06:47:36 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010.09.18 06:47:36 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010.09.18 06:47:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010.09.18 06:46:57 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2010.09.18 06:46:57 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2010.09.18 06:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010.09.15 08:20:20 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.09.14 19:30:03 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\KASTNER software
[2010.09.14 07:35:54 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\GRIL
[2010.09.09 20:16:29 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\Converted_GIF
[2010.09.09 20:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIF to AVI SWF Converter
[2010.09.09 20:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArmDic
[2010.09.09 18:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenShots
[2010.09.09 10:29:08 | 000,000,000 | ---D | C] -- C:\Users\pater\Desktop\Emicsoft_Video_Converter_4.1.16
[2010.09.09 09:50:26 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\Emicsoft Studio
[2010.09.09 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emicsoft Studio
[2010.09.08 14:28:52 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\Pinnacle Studio
[2010.09.08 14:24:41 | 000,401,408 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\pvmjpg30.dll
[2010.09.08 14:24:40 | 001,712,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GDIPLUS.DLL
[2010.09.08 14:24:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010.09.08 14:24:11 | 000,233,472 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\DiskIO.dll
[2010.09.08 14:24:11 | 000,184,320 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\RALMain.dll
[2010.09.08 14:24:11 | 000,126,976 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\AVIPrAx.dll
[2010.09.08 14:24:11 | 000,073,728 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\MMAviAx.dll
[2010.09.08 14:24:11 | 000,041,984 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\cacheX.dll
[2010.09.08 14:24:11 | 000,032,768 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\MLPagAx.dll
[2010.09.08 14:24:09 | 002,079,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTCLR13s.dll
[2010.09.08 14:24:09 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTCLR13n.dll
[2010.09.08 14:24:09 | 001,013,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltwvc13n.dll
[2010.09.08 14:24:09 | 000,930,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltr13n.dll
[2010.09.08 14:24:09 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltkrn13n.dll
[2010.09.08 14:24:09 | 000,306,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltrio13n.dll
[2010.09.08 14:24:09 | 000,153,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltfil13n.DLL
[2010.09.08 14:24:08 | 000,884,736 | ---- | C] (Fellowes, Inc.) -- C:\Windows\SysWow64\LMUIRes.dll
[2010.09.08 14:24:08 | 000,409,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LFCMP13s.DLL
[2010.09.08 14:24:08 | 000,393,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LFCMP13n.DLL
[2010.09.08 14:24:08 | 000,110,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfpsd13s.dll
[2010.09.08 14:24:08 | 000,070,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfbmp13s.dll
[2010.09.08 14:24:08 | 000,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lftga13s.dll
[2010.09.08 14:24:08 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfbmp13n.dll
[2010.09.08 14:24:08 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lftga13n.dll
[2010.09.08 14:24:08 | 000,012,288 | ---- | C] (Fellowes, Inc.) -- C:\Windows\SysWow64\LMLRes.dll
[2010.09.08 14:22:23 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\My Projects
[2010.09.08 14:22:23 | 000,000,000 | ---D | C] -- C:\Users\pater\My Documents
[2010.09.08 14:21:56 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ATL70.DLL
[2010.09.08 14:21:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2010.09.08 14:19:25 | 000,014,165 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\SysWow64\drivers\Pclepci.sys
[2010.09.08 14:19:17 | 000,041,219 | ---- | C] (Pinnacle Systems) -- C:\Windows\RSETPATH.exe
[2010.09.08 14:18:47 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC70.DLL
[2010.09.08 14:18:47 | 000,964,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC70U.DLL
[2010.09.08 14:18:47 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP70.DLL
[2010.09.08 14:18:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR70.DLL
[2010.09.08 14:18:47 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCI70.DLL
[2010.09.08 14:18:47 | 000,049,152 | ---- | C] (Pinnacle Systems) -- C:\Windows\SysWow64\PCLEGetGuid.dll
[2010.09.08 14:17:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle Studio
[2010.09.08 14:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio
[2010.09.08 14:17:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2010.09.08 14:16:29 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\InstallShield
[2010.09.08 14:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2010.09.08 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.09.08 11:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2010.09.07 11:54:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010.09.06 20:36:29 | 000,000,000 | ---D | C] -- C:\Users\pater\Hry
[2010.09.06 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\skypePM
[2010.09.06 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\Skype
[2010.09.06 15:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.09.06 15:47:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.09.06 15:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.04 23:38:51 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Local\Logitech
[2010.09.04 23:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010.09.04 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Roaming\Hamachi
[2010.09.04 23:23:13 | 000,033,344 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010.09.04 23:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamachi
[2010.09.04 22:15:11 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\rFactor
[2010.09.04 22:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010.09.04 21:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rFactor
[2010.09.01 12:15:41 | 000,000,000 | ---D | C] -- C:\Users\pater\Desktop\Adobe.Photoshop.CS4.Compact.Edition
[2010.08.31 15:30:23 | 000,000,000 | ---D | C] -- C:\Users\pater\AppData\Local\Mozilla
[2010.08.31 09:13:56 | 000,000,000 | ---D | C] -- C:\Users\pater\Documents\Artisteer Templates
[2010.08.30 21:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artisteer 2
[1 C:\Users\pater\AppData\Roaming\*.tmp files -> C:\Users\pater\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.29 17:33:05 | 006,291,456 | -HS- | M] () -- C:\Users\pater\ntuser.dat
[2010.09.29 17:26:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pater\Desktop\OTL.exe
[2010.09.29 16:36:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.29 16:17:27 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.29 16:12:01 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2010.09.29 16:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.28 20:41:27 | 001,497,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.28 20:41:27 | 000,639,986 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.28 20:41:27 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.28 20:41:27 | 000,126,866 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.28 20:41:27 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.28 18:22:17 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.09.28 14:39:22 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 14:39:22 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 14:32:22 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.09.28 14:32:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.28 14:32:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.28 14:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{c877379f-ca09-11df-bfa7-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.28 14:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{c877379f-ca09-11df-bfa7-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.28 14:31:02 | 000,065,536 | -HS- | M] () -- C:\Users\pater\ntuser.dat{c877379f-ca09-11df-bfa7-b482fe381f3d}.TM.blf
[2010.09.28 14:27:48 | 000,458,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.28 14:27:34 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 14:25:21 | 006,291,456 | -H-- | M] () -- C:\Users\pater\AppData\Local\IconCache.db
[2010.09.27 11:02:14 | 000,121,696 | ---- | M] () -- C:\Users\pater\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.21 23:47:57 | 000,000,991 | ---- | M] () -- C:\Users\pater\Desktop\jv16 PowerTools 2009.lnk
[2010.09.21 22:41:12 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{1d9b27af-c5b5-11df-bea4-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.21 22:41:12 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{1d9b27af-c5b5-11df-bea4-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 22:41:12 | 000,065,536 | -HS- | M] () -- C:\Users\pater\ntuser.dat{1d9b27af-c5b5-11df-bea4-b482fe381f3d}.TM.blf
[2010.09.21 22:14:57 | 000,266,752 | ---- | M] (Microsoft Corporation) -- C:\Users\pater\Desktop\iertutil.dll
[2010.09.21 19:21:08 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{be99926f-c532-11df-8acd-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.21 19:21:08 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{be99926f-c532-11df-8acd-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 19:21:08 | 000,065,536 | -HS- | M] () -- C:\Users\pater\ntuser.dat{be99926f-c532-11df-8acd-b482fe381f3d}.TM.blf
[2010.09.19 08:18:53 | 000,007,632 | ---- | M] () -- C:\Users\pater\AppData\Local\resmon.resmoncfg
[2010.09.18 06:50:19 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2010.09.15 15:01:42 | 000,010,946 | ---- | M] () -- C:\Users\pater\Documents\Žádám vás o zakončení zasílaní reklamy.docx
[2010.09.15 10:01:27 | 022,823,424 | ---- | M] () -- C:\Users\pater\Desktop\ispring_pro_5_5_1.msi
[2010.09.09 20:58:06 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.09.09 18:08:04 | 000,000,107 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.09.09 11:45:37 | 000,003,584 | ---- | M] () -- C:\Users\pater\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.09.07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.07 16:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.07 16:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.07 16:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.07 16:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.07 08:32:31 | 000,417,891 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.09.06 15:48:59 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.09.04 23:48:04 | 000,001,103 | ---- | M] () -- C:\Users\pater\Desktop\G25 Racing Wheel – zástupce.lnk
[2010.09.04 23:23:13 | 000,033,344 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010.09.04 22:12:03 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{e525880e-b851-11df-9f3b-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.04 22:12:03 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{e525880e-b851-11df-9f3b-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.04 22:12:03 | 000,065,536 | -HS- | M] () -- C:\Users\pater\ntuser.dat{e525880e-b851-11df-9f3b-b482fe381f3d}.TM.blf
[2010.09.04 16:36:53 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{979a8550-b82f-11df-b33b-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.04 16:36:53 | 000,524,288 | -HS- | M] () -- C:\Users\pater\ntuser.dat{979a8550-b82f-11df-b33b-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.04 16:36:53 | 000,065,536 | -HS- | M] () -- C:\Users\pater\ntuser.dat{979a8550-b82f-11df-b33b-b482fe381f3d}.TM.blf
[2010.08.31 15:30:24 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.08.31 07:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[1 C:\Users\pater\AppData\Roaming\*.tmp files -> C:\Users\pater\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.28 18:22:17 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.09.28 14:31:02 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{c877379f-ca09-11df-bfa7-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.28 14:31:02 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{c877379f-ca09-11df-bfa7-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.28 14:31:02 | 000,065,536 | -HS- | C] () -- C:\Users\pater\ntuser.dat{c877379f-ca09-11df-bfa7-b482fe381f3d}.TM.blf
[2010.09.21 23:47:57 | 000,000,991 | ---- | C] () -- C:\Users\pater\Desktop\jv16 PowerTools 2009.lnk
[2010.09.21 21:53:58 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{1d9b27af-c5b5-11df-bea4-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.21 21:53:58 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{1d9b27af-c5b5-11df-bea4-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 21:53:58 | 000,065,536 | -HS- | C] () -- C:\Users\pater\ntuser.dat{1d9b27af-c5b5-11df-bea4-b482fe381f3d}.TM.blf
[2010.09.21 21:34:14 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.09.21 18:59:37 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{be99926f-c532-11df-8acd-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.21 18:59:37 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{be99926f-c532-11df-8acd-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 18:59:37 | 000,065,536 | -HS- | C] () -- C:\Users\pater\ntuser.dat{be99926f-c532-11df-8acd-b482fe381f3d}.TM.blf
[2010.09.18 06:46:00 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010.09.15 15:01:41 | 000,010,946 | ---- | C] () -- C:\Users\pater\Documents\Žádám vás o zakončení zasílaní reklamy.docx
[2010.09.15 10:05:44 | 022,823,424 | ---- | C] () -- C:\Users\pater\Desktop\ispring_pro_5_5_1.msi
[2010.09.12 18:17:09 | 575,306,000 | ---- | C] () -- C:\Users\pater\Documents\Microsoft Office 2007 Enterprise CZ.rar
[2010.09.09 11:45:37 | 000,003,584 | ---- | C] () -- C:\Users\pater\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.08 14:28:59 | 000,000,024 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2010.09.08 14:21:56 | 000,000,107 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010.09.08 14:21:55 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\macd32.dll
[2010.09.08 14:21:55 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2010.09.08 14:21:55 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\mamc32.dll
[2010.09.08 14:21:55 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\masd32.dll
[2010.09.08 14:21:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2010.09.08 14:18:47 | 000,027,807 | ---- | C] () -- C:\Windows\wmprfell.prx
[2010.09.08 14:18:47 | 000,025,269 | ---- | C] () -- C:\Windows\WMPrfAra.prx
[2010.09.08 14:18:47 | 000,020,704 | ---- | C] () -- C:\Windows\WMPrfJpn.prx
[2010.09.08 14:18:47 | 000,020,481 | ---- | C] () -- C:\Windows\wmprfheb.prx
[2010.09.08 14:18:47 | 000,020,055 | ---- | C] () -- C:\Windows\wmprfsky.prx
[2010.09.08 14:18:47 | 000,019,751 | ---- | C] () -- C:\Windows\wmprfhun.prx
[2010.09.08 14:18:47 | 000,019,437 | ---- | C] () -- C:\Windows\wmprffra.prx
[2010.09.08 14:18:47 | 000,018,878 | ---- | C] () -- C:\Windows\wmprfcsy.prx
[2010.09.08 14:18:47 | 000,018,536 | ---- | C] () -- C:\Windows\wmprfplk.prx
[2010.09.08 14:18:47 | 000,018,422 | ---- | C] () -- C:\Windows\wmprfptg.prx
[2010.09.08 14:18:47 | 000,017,953 | ---- | C] () -- C:\Windows\wmprfesp.prx
[2010.09.08 14:18:47 | 000,017,903 | ---- | C] () -- C:\Windows\WMPrfKor.prx
[2010.09.08 14:18:47 | 000,017,830 | ---- | C] () -- C:\Windows\wmprfita.prx
[2010.09.08 14:18:47 | 000,017,199 | ---- | C] () -- C:\Windows\wmprfptb.prx
[2010.09.08 14:18:47 | 000,017,025 | ---- | C] () -- C:\Windows\WMPrfDeu.prx
[2010.09.08 14:18:47 | 000,017,019 | ---- | C] () -- C:\Windows\wmprfsve.prx
[2010.09.08 14:18:47 | 000,016,822 | ---- | C] () -- C:\Windows\wmprftrk.prx
[2010.09.08 14:18:47 | 000,016,814 | ---- | C] () -- C:\Windows\wmprfslv.prx
[2010.09.08 14:18:47 | 000,016,446 | ---- | C] () -- C:\Windows\wmprfnor.prx
[2010.09.08 14:18:47 | 000,016,398 | ---- | C] () -- C:\Windows\wmprfnld.prx
[2010.09.08 14:18:47 | 000,016,265 | ---- | C] () -- C:\Windows\wmprffin.prx
[2010.09.08 14:18:47 | 000,015,903 | ---- | C] () -- C:\Windows\wmprfdan.prx
[2010.09.08 14:18:47 | 000,000,635 | ---- | C] () -- C:\Windows\wmprfrus.prx
[2010.09.08 14:18:47 | 000,000,083 | ---- | C] () -- C:\Windows\WMPrfCHS.prx
[2010.09.08 14:18:47 | 000,000,077 | ---- | C] () -- C:\Windows\WMPrfCHT.prx
[2010.09.08 14:16:58 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.09.06 15:48:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.04 23:48:04 | 000,001,103 | ---- | C] () -- C:\Users\pater\Desktop\G25 Racing Wheel – zástupce.lnk
[2010.09.04 20:27:04 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{e525880e-b851-11df-9f3b-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.04 20:27:04 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{e525880e-b851-11df-9f3b-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.04 20:27:04 | 000,065,536 | -HS- | C] () -- C:\Users\pater\ntuser.dat{e525880e-b851-11df-9f3b-b482fe381f3d}.TM.blf
[2010.09.04 16:36:53 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{979a8550-b82f-11df-b33b-b482fe381f3d}.TMContainer00000000000000000002.regtrans-ms
[2010.09.04 16:36:53 | 000,524,288 | -HS- | C] () -- C:\Users\pater\ntuser.dat{979a8550-b82f-11df-b33b-b482fe381f3d}.TMContainer00000000000000000001.regtrans-ms
[2010.09.04 16:36:53 | 000,065,536 | -HS- | C] () -- C:\Users\pater\ntuser.dat{979a8550-b82f-11df-b33b-b482fe381f3d}.TM.blf
[2010.08.31 15:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.21 09:53:29 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.08.15 09:59:03 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.08.05 17:02:22 | 000,000,093 | ---- | C] () -- C:\Users\pater\AppData\Local\fusioncache.dat
[2010.08.05 17:01:10 | 001,497,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.03 23:07:49 | 000,007,632 | ---- | C] () -- C:\Users\pater\AppData\Local\resmon.resmoncfg
[2010.03.13 06:53:08 | 000,099,328 | ---- | C] () -- C:\Windows\SysWow64\ErrorReporting.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2001.01.12 11:52:26 | 000,044,032 | ---- | C] () -- C:\Windows\SysWow64\vbpng1.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

========== LOP Check ==========

[2010.09.22 19:09:18 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\App Launcher Gadget
[2010.07.24 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Artisteer
[2010.08.14 18:41:32 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\DAEMON Tools Lite
[2010.07.24 10:25:07 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Dream Aquarium
[2010.09.28 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\FinalMediaPlayer
[2010.09.28 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\GHISLER
[2010.09.21 18:51:38 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\IcoFX
[2010.09.14 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\KASTNER software
[2010.08.16 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Leadertech
[2010.09.28 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Spyware Terminator
[2010.07.24 08:50:19 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Thunderbird
[2010.08.16 07:45:42 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Uniblue
[2010.08.04 09:25:24 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Zoner
[2010.09.29 16:12:01 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2010.09.26 09:06:10 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"ISUSPM Startup" = "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup -- [2005.08.11 16:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation)
"SpybotSD TeaTimer" = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010.07.24 09:12:36 | 000,039,408 | ---- | M] (Google Inc.)
"SpywareTerminatorUpdate" = "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2010.09.28 16:56:57 | 003,037,696 | ---- | M] (Crawler.com)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.07.24 15:53:08 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Adobe
[2010.09.22 19:09:18 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\App Launcher Gadget
[2010.07.24 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Artisteer
[2010.07.24 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Corel
[2010.08.14 18:41:32 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\DAEMON Tools Lite
[2010.07.24 10:25:07 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Dream Aquarium
[2010.09.28 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\FinalMediaPlayer
[2010.09.28 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\GHISLER
[2010.07.24 09:17:58 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Google
[2010.09.18 00:35:29 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Hamachi
[2010.09.21 18:51:38 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\IcoFX
[2010.07.23 18:40:58 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Identities
[2010.09.08 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\InstallShield
[2010.09.14 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\KASTNER software
[2010.08.16 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Leadertech
[2010.08.16 16:01:20 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Logishrd
[2010.08.16 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Logitech
[2010.07.29 15:40:09 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Macromedia
[2010.07.25 09:05:20 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:58 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Media Center Programs
[2010.09.14 06:36:25 | 000,000,000 | --SD | M] -- C:\Users\pater\AppData\Roaming\Microsoft
[2010.09.04 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Mozilla
[2010.09.28 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\PSpad
[2010.08.05 17:05:23 | 000,000,000 | RH-D | M] -- C:\Users\pater\AppData\Roaming\SecuROM
[2010.09.18 01:11:50 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Skype
[2010.09.18 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\skypePM
[2010.09.28 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Spyware Terminator
[2010.07.24 08:50:19 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Thunderbird
[2010.08.16 07:45:42 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Uniblue
[2010.08.16 19:18:46 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\WinRAR
[2010.08.04 09:25:24 | 000,000,000 | ---D | M] -- C:\Users\pater\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010.09.08 12:32:42 | 000,022,016 | R--- | M] () -- C:\Users\pater\AppData\Roaming\Microsoft\Installer\{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}\Icon2EE90F261.exe
[2010.07.24 10:54:48 | 000,010,134 | R--- | M] () -- C:\Users\pater\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
[2010.07.24 10:54:48 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\pater\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\Kanál IDE#1\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\Kanál IDE#2\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\Kanál IDE#3\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\Kanál IDE\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\PCI Standardní dvoukanálový řadič IDE#1\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\PCI Standardní dvoukanálový řadič IDE\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\Jednotka CD-ROM#1\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Users\pater\Dokumenty\DriverGenius\Backup\Driver Backup 8-16-2010-152959\Jednotka CD-ROM\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009.08.29 08:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009.08.29 08:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.09.28 14:32:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\config.nt

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:AE0AA55BA1B6B994
< End of report >

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 24 bytes -> C:\Windows:AE0AA55BA1B6B994
O32 - AutoRun File - [2009.11.27 15:40:12 | 000,345,360 | R--- | M] (Valve Corporation) - G:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{faec843e-b051-11df-b7d6-b482fe381f3d}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\ProgramData\.zreglib
C:\ProgramData\ezsidmv.dat

:commands
[emptytemp]
[EMPTYFLASH]
[resethosts]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde

Takže tady je log co vyskočil po restartu.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Windows:AE0AA55BA1B6B994 deleted successfully.
File move failed. G:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faec843e-b051-11df-b7d6-b482fe381f3d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{faec843e-b051-11df-b7d6-b482fe381f3d}\ not found.
File H:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDD24.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI39A0.tmp moved successfully.
C:\WINDOWS\Installer\MSI51D.tmp moved successfully.
C:\WINDOWS\Installer\MSI532D.tmp moved successfully.
C:\WINDOWS\Installer\MSI78E6.tmp moved successfully.
C:\WINDOWS\Installer\MSI7CF0.tmp moved successfully.
C:\WINDOWS\Installer\MSICC52.tmp moved successfully.
C:\WINDOWS\Installer\MSIE48A.tmp moved successfully.
C:\ProgramData\.zreglib moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pater
->Temp folder emptied: 5696830 bytes
->Temporary Internet Files folder emptied: 4752180 bytes
->Java cache emptied: 1946995 bytes
->FireFox cache emptied: 2643671 bytes
->Flash cache emptied: 5600 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1852058 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68045 bytes
RecycleBin emptied: 4497273534 bytes

Total Files Cleaned = 4 305,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: pater
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 09302010_193932

Files\Folders moved on Reboot...
File move failed. G:\autorun.exe scheduled to be moved on reboot.
C:\Users\pater\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BRSAHJXK\viewtopic[1].htm moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8Y00214P\afr[1].htm moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8Y00214P\go[1].htm moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77ZFHZLL\afr[1].htm moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77ZFHZLL\afr[2].htm moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77ZFHZLL\honeypot_export[1].htm moved successfully.
C:\Users\pater\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

PS: zjistil jsem ještě jeden vážný problém.
Používám jako pošťáka Mozillu Tunderbird a u jednohho účtu mi to při odeslání odpovědi u e-mailu odeslaného připíše k jeho e-mail adrese písmenko e to znamená pokud je jeho e-mail xxx@seznam.cz tak to vypadá takhle exxx@seznam.cz a samozřejmě že e-mail neodejde přijde chybová zpráva.
A ještě se nenačetli po restartu nové aktualizace ale ty jdu zkusit teď po práci OTL znovu doinstalovat.

Zatím moc děkuji za snahu mi pomoct.

Zajímavé, změnilo se něco?

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Moc dík jdu na věc.
Měl bych dotaz zítra po obědě odjíždím do Brna a beru sebou notebook můžeme se ještě dopoledne spojit pokud ten sken bude trvat delší dobu a vy už dnes na webu nebudete?

Já Vám nemůžu slíbit, že tu dopoledne budu, ale pokusím se. jinak ted tu budu asi do půlnoci, ale během dopoledne se pokusím nakouknout

VIRY.CZ

Problém s klikáním

Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním

Re: Problém s klikáním