I deleted them and ran it again following the instructions, but it only spat out OTL.txt.
I keep watching the processes, and ESET really does take 25 - 50% of the CPU, and the result is that any program freezes for something like 10 s (Mozilla, Total Commander, QIP, ...); it makes no difference which program it is. Oh well, it's impossible to work like this at all...
OTL logfile created on: 12.10.2009 18:35:06 - Run 2
OTL by OldTimer - Version 3.0.20.0 Folder = D:\Stahuj
64bit-Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): d:\pagefile.sys 12000 12000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,41 Gb Total Space | 6,20 Gb Free Space | 25,40% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 2,56 Gb Free Space | 2,06% Space Free | Partition Type: NTFS
Drive E: | 5,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALARMA-PC
Current User Name: ALARMA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
PRC - C:\Program Files (x86)\Aston\XP\internat.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
PRC - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - D:\Stahuj\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEST Service [On_Demand | Running]) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (KeyIso [On_Demand | Stopped]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (lxdn_device [Auto | Running]) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006.11.02 15:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Stereo Service [Auto | Running]) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (lxdn_device [Auto | Running]) -- C:\Windows\SysNative\lxdncoms.exe ()
SRV:64bit: - (lxdnCATSCustConnectService [Auto | Stopped]) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\lxdnserv.exe ()
SRV:64bit: - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2008.09.11 11:31:13 | 00,000,000 | ---D | M]
DRV - (ET5Drv [On_Demand | Running]) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (gdrv [On_Demand | Running]) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Tcpip [System | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (CX88VID [On_Demand | Running]) -- C:\Windows\SysNative\drivers\cxavsvid.sys ()
DRV:64bit: - (eamon [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\eamon.sys ()
DRV:64bit: - (easdrv [System | Running]) -- C:\Windows\SysNative\DRIVERS\easdrv.sys ()
DRV:64bit: - (ENTECH64 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys ()
DRV:64bit: - (epfw [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\epfw.sys ()
DRV:64bit: - (Epfwndis [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys ()
DRV:64bit: - (epfwtdi [System | Running]) -- C:\Windows\SysNative\DRIVERS\epfwtdi.sys ()
DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (hamachi [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (JRAID [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\jraid.sys ()
DRV:64bit: - (LUM [System | Running]) -- C:\Windows\SysNative\drivers\LUM.sys ()
DRV:64bit: - (P17 [On_Demand | Running]) -- C:\Windows\SysNative\drivers\P17.sys ()
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (s916bus [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\s916bus.sys ()
DRV:64bit: - (s916mdfl [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\s916mdfl.sys ()
DRV:64bit: - (s916mdm [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\s916mdm.sys ()
DRV:64bit: - (s916mgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\s916mgmt.sys ()
DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (WIBUKEY [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\WibuKey64.sys ()
DRV:64bit: - (WmBEnum [On_Demand | Running]) -- C:\Windows\SysNative\drivers\WmBEnum.sys ()
DRV:64bit: - (WmFilter [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\WmFilter.sys ()
DRV:64bit: - (WmHidLo [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\WmHidLo.sys ()
DRV:64bit: - (WmVirHid [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\WmVirHid.sys ()
DRV:64bit: - (WmXlCore [On_Demand | Running]) -- C:\Windows\SysNative\drivers\WmXlCore.sys ()
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {24cc1362-11c6-4918-a2c0-b9ee5a563185}:1.5.48.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.43
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.05.24 18:35:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.04.24 10:27:51 | 00,000,000 | ---D | M]
[2008.12.17 23:34:15 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Extensions
[2008.12.17 23:34:15 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.03.19 20:47:12 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Firefox\Profiles\hdswhmu6.default\extensions
[2009.02.05 19:54:00 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2008.12.17 23:40:26 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008.12.17 23:40:51 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.18 11:56:30 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.03.19 20:47:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.12.19 12:34:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.12.17 23:35:26 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2008.12.17 23:35:26 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.10.31 23:29:04 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2008.10.31 23:29:04 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2007.04.30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll
[2008.10.31 23:29:04 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2005.09.24 05:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009.04.24 10:27:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009.04.24 10:27:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009.04.24 10:27:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009.04.24 10:27:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009.04.24 10:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009.04.24 10:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009.04.24 10:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2008.04.16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008.03.31 21:06:24 | 00,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 00,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 00,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 00,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 00,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (685698 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11752 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - Startup: C:\Users\ALARMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\egui – zástupce.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - Startup: C:\Users\ALARMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gest – zástupce.lnk = C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\napinsp.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 99 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.81.64.34 88.81.92.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWow64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWow64\Userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\PROGRA~2\Aston\aston.exe) - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
O20 - HKCU Winlogon: Shell - (svchost.exe) - C:\Windows\SysWow64\svchost.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWow64\browseui.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.05 10:53:54 | 00,000,252 | -H-- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009.10.06 08:21:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Link Data Security
[2009.10.12 08:15:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.10.12 08:15:39 | 00,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Malwarebytes
[2009.10.05 20:00:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Graphisoft Shared
[2009.10.12 08:15:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.10.05 20:00:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WIBU-SYSTEMS
[2009.10.05 19:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Graphisoft
[2009.10.05 20:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\WIBU-SYSTEMS
[2009.10.12 08:15:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.10.05 20:01:11 | 00,022,016 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.les
[2009.10.05 20:01:11 | 00,014,848 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.lcn
[2009.10.05 20:01:10 | 00,028,672 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.lbr
[2009.10.05 20:01:09 | 00,020,480 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.ljp
[2009.10.05 20:01:08 | 00,028,672 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.lit
[2009.10.05 20:01:08 | 00,022,016 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.lfr
[2009.10.05 20:01:07 | 00,022,016 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.lde
[2009.10.05 20:01:00 | 00,348,160 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkExt32.dll
[2009.10.05 20:00:59 | 00,479,232 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\wibuKJni.dll
[2009.10.05 20:00:40 | 00,159,744 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WkWin32.dll
[2008.12.24 23:16:24 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2008.12.24 23:16:24 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2008.12.24 23:16:23 | 00,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2008.12.24 23:16:22 | 01,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2008.12.24 23:16:22 | 00,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2008.12.24 23:16:22 | 00,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2008.12.24 23:16:22 | 00,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2008.12.24 23:16:21 | 00,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2008.12.24 23:16:21 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2008.12.24 23:16:20 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\SysNative\*.tmp files]
[2009.10.12 18:26:24 | 00,612,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.10.12 18:26:24 | 00,476,608 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2009.10.12 18:26:24 | 00,104,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.10.12 18:26:24 | 00,082,366 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2009.10.12 18:26:23 | 01,267,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.10.12 18:23:42 | 00,000,002 | ---- | M] () -- C:\Windows\SysWow64\Dvbpws.dll
[2009.10.12 18:20:15 | 00,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2009.10.12 18:20:14 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.10.12 18:20:12 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.10.12 18:19:38 | 00,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.10.12 18:19:37 | 00,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.10.12 18:19:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.10.12 18:19:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.10.12 18:17:59 | 00,000,246 | ---- | M] () -- C:\Windows\win.ini
[2009.10.12 18:00:44 | 00,685,698 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009.10.12 15:18:35 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.10.12 14:27:06 | 00,343,689 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2009.10.07 22:58:59 | 00,079,360 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.05 20:01:17 | 00,000,989 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
[2009.10.05 20:00:34 | 00,011,932 | ---- | M] () -- C:\Windows\vpd.properties
[2009.10.04 13:29:09 | 00,000,699 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp.lnk
[2009.09.27 13:03:21 | 02,667,494 | -H-- | M] () -- C:\Users\ALARMA\AppData\Local\IconCache.db
[2009.09.26 19:19:52 | 00,000,142 | ---- | M] () -- C:\Windows\WININIT.INI
========== Files - No Company Name ==========
[2009.10.12 18:19:35 | 00,000,006 | -H-- | C] () -- C:\Windows\tasks\SA.DAT
[2009.10.12 08:15:32 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.10.05 20:01:17 | 00,000,989 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
[2009.10.05 20:01:11 | 00,014,336 | ---- | C] () -- C:\Windows\SysNative\WkWin64.lcn
[2009.10.05 20:01:10 | 00,021,504 | ---- | C] () -- C:\Windows\SysNative\WkWin64.les
[2009.10.05 20:01:09 | 00,019,968 | ---- | C] () -- C:\Windows\SysNative\WkWin64.ljp
[2009.10.05 20:01:09 | 00,019,456 | ---- | C] () -- C:\Windows\SysNative\WkWin64.lhu
[2009.10.05 20:01:08 | 00,020,480 | ---- | C] () -- C:\Windows\SysNative\WkWin64.lit
[2009.10.05 20:01:07 | 00,021,504 | ---- | C] () -- C:\Windows\SysNative\WkWin64.lfr
[2009.10.05 20:01:07 | 00,021,504 | ---- | C] () -- C:\Windows\SysNative\WkWin64.lde
[2009.10.05 20:01:01 | 00,502,272 | ---- | C] () -- C:\Windows\SysNative\WkExt64.dll
[2009.10.05 20:01:00 | 00,599,552 | ---- | C] () -- C:\Windows\SysNative\wibuKJni64.dll
[2009.10.05 20:00:42 | 00,016,896 | ---- | C] () -- C:\Windows\SysNative\drivers\Wibukey2_64.sys
[2009.10.05 20:00:40 | 00,195,072 | ---- | C] () -- C:\Windows\SysNative\WkWin64.dll
[2009.10.05 20:00:40 | 00,107,008 | ---- | C] () -- C:\Windows\SysNative\drivers\WibuKey64.sys
[2009.10.04 13:29:09 | 00,000,699 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp.lnk
[2009.09.26 19:19:52 | 00,000,142 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.05.16 21:20:47 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.16 14:50:20 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.28 17:34:12 | 00,000,100 | ---- | C] () -- C:\Windows\WDLS.INI
[2009.03.10 10:37:53 | 00,023,552 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC.dll
[2009.03.10 10:37:10 | 00,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2009.03.10 10:37:10 | 00,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2009.01.25 18:13:09 | 00,000,307 | ---- | C] () -- C:\Windows\game.ini
[2008.12.24 23:52:44 | 00,000,492 | ---- | C] () -- C:\ProgramData\lxdnDiagnostics.log
[2008.12.24 23:52:13 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2008.12.24 23:16:24 | 00,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2008.12.24 23:16:24 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2008.12.24 23:16:23 | 00,147,456 | ---- | C] () -- C:\Windows\SysWow64\lxdnjswr.dll
[2008.12.24 23:16:23 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxdninsr.dll
[2008.12.20 10:28:31 | 00,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll
[2008.12.20 10:27:44 | 00,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.10.27 07:56:16 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.22 05:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.09 18:30:04 | 00,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2008.10.07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.18 19:32:59 | 00,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008.09.15 13:10:40 | 00,079,360 | ---- | C] () -- C:\Users\ALARMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:35:23 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.09.14 15:57:57 | 01,286,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.11 12:45:01 | 00,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008.09.11 12:45:01 | 00,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008.09.11 12:44:50 | 00,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2008.09.11 12:44:50 | 00,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2008.09.11 11:56:02 | 02,667,494 | -H-- | C] () -- C:\Users\ALARMA\AppData\Local\IconCache.db
[2008.09.11 11:43:11 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.09.11 11:41:57 | 00,057,192 | ---- | C] () -- C:\Users\ALARMA\AppData\Local\GDIPFONTCACHEV1.DAT
[2008.06.05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.11.21 02:02:39 | 00,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007.11.21 01:44:48 | 00,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.03 00:51:09 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007.06.07 13:25:42 | 00,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.09 09:42:00 | 00,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2007.03.20 17:23:56 | 00,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2006.11.02 17:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 17:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006.11.02 14:34:27 | 00,000,246 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 14:20:47 | 00,055,858 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 14:18:05 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2009.10.12 08:15:39 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming
[2008.09.15 17:40:41 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent
[2009.10.10 17:50:06 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis2
[2008.10.09 18:32:57 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Alchemy Mindworks
[2008.09.15 15:22:14 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Aston
[2009.01.07 14:18:54 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\BSplayer PRO
[2009.05.13 22:20:41 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\COWON
[2008.09.11 17:09:00 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DAEMON Tools
[2009.03.01 00:58:45 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DassaultSystemes
[2009.10.10 09:07:09 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\dvdcss
[2008.09.22 19:48:15 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\EBookSys
[2008.09.11 22:01:49 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\ESET
[2008.12.01 22:28:08 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\FlashGet
[2009.01.04 00:59:01 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\GHISLER
[2009.10.05 20:02:35 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Graphisoft
[2009.10.02 15:53:15 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Hamachi
[2008.12.24 23:42:46 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Lexmark Productivity Studio
[2006.11.02 17:06:33 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Media Center Programs
[2008.10.09 18:21:37 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mioObjects
[2009.03.10 10:37:25 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\pdfMachine
[2008.10.09 17:15:31 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Planetside Software
[2008.10.05 18:32:49 | 00,000,000 | RH-D | M] -- C:\Users\ALARMA\AppData\Roaming\SecuROM
[2008.10.01 20:03:49 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Sony
[2008.10.09 17:16:25 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uk.co.planetside
[2009.10.11 19:52:18 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uTorrent
[2008.11.16 00:18:07 | 00,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Zoner
[2009.10.12 18:19:35 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.10.12 18:18:38 | 00,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
Log check (Solved)
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: Log check
Eset-NOD32: Fix Dasumo v3.2 hasta el 2038. That could be the problem, and Marsu-Fix as well. What is it?
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Log check
Those are all fixes for ESET to keep it working, for more days I think, but I've had them for a really long time and I haven't poked around in ESET at all lately; whether it somehow broke on its own, I don't know.
- Damned
Re: Log check
Check the file shown in red on VirusTotal and paste a link to the result here.
If you can't find it, turn on the display of hidden and system files. If it tells you the file has already been checked,
have it checked again, and wait until "Completed" and the result appear. Then copy the address bar here.
C:\Windows\SysWow64\Dvbpws.dll
Re: Log check
I found it and tested it; according to the results it looks clean
http://www.virustotal.com/cs/analisis/9 ... 1255372944
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Log check
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
O13 - gopher Prefix: missing
:Files
C:\ProgramData\nvModes.dat
C:\ProgramData\nvModes.001
C:\Windows\tasks\SA.DAT
C:\Windows\SysNative\drivers\etc\hosts.new
C:\Windows\SysWow64\FeMakro.ini
C:\Windows\SysWow64\FeAnim.ini
:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Also test this on VirusTotal:
C:\Windows\SysWow64\APOMngr.dll
Then wait for Damned.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Log check
So here is the log
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== FILES ==========
C:\ProgramData\nvModes.dat moved successfully.
C:\ProgramData\nvModes.001 moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.new scheduled to be moved on reboot.
C:\Windows\SysWow64\FeMakro.ini moved successfully.
C:\Windows\SysWow64\FeAnim.ini moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: ALARMA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41417930 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\SysNative\SETD665.tmp scheduled to be deleted on reboot.
%systemroot%\System32 (64bit) .tmp files removed: 81616 bytes
Windows Temp folder emptied: 1534 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 39,61 mb
OTL by OldTimer - Version 3.0.20.0 log created on 10122009_214053
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\drivers\etc\hosts.new scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETD665.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Log check
I'm not sure, but it freezes the most right after a system restart, as if something were starting up along with some program; before I restarted it just now, it was running fine without freezing.
Oh, and the tested file ...
http://www.virustotal.com/cs/analisis/e ... 1255376944
- Damned
Re: Log check
Download: Dr. Web CureIt
Run the update, and after updating click Start.
With the buttons at the bottom you can cure, delete, move or rename a file. Then post the result. The scan may take a long time. Cure any infection found first, and only then delete. If it finds something in the System Volume Information folder, delete it.
Re: Log check
I just ran the express scan and it found nothing. How about trying to remove ESET and install Dr.Web Security Space? What if ESET is somehow broken and hangs, or keeps checking something while I work.

- jaro3
Re: Log check
Uninstall that ESET (crack) and download Avira or Avast (both free).
Clean the system with CCleaner.
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
I don't see an infection there, so if there are no problems, mark the thread as solved with the check mark.
Re: Log check
I ran Dr.Web once more on just the C drive, where I have the system, and it only found something in C:\Documents and Settings\All Users\Apllication Data\Spybot - Search and Destroy\Snapshots 2, so I cured it. OK, I'll remove ESET and install Avast. I use CCleaner regularly.