Hello, I'd like some advice: my computer occasionally freezes for about 3-5 s, and I suspect Avast is causing it. I tried starting it and running an antivirus scan and it was awful; everything stuttered and the scan could hardly even be stopped, so I had to do a hard restart. I'm posting a log in case there is something else in it, I don't know...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:34, on 11.5.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\PROGRA~2\Aston\aston.exe
C:\PROGRA~2\Aston\XP\internat.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files (x86)\GIGABYTE\GEST\gest.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\WinFast PVR2\WFDTV\DVBTAP.exe
C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Winamp 5\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Stahuj\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\Run: [WinFast Schedule] "C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime 7\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: gest – zástupce.lnk = C:\Program Files (x86)\GIGABYTE\GEST\gest.exe
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9238 bytes
PC freezing x Avast Solved
Re: PC freezing x Avast
You have a suspicion? Then turn it off, or try a different one..

- Stene
Re: PC freezing x Avast
I'd try putting the log in the right section? Hm : )
- jaro3
- Security team member
Re: PC freezing x Avast
Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime 7\QTTask.exe" -atboottime
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
Guide
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: PC freezing x Avast
So far I have run the system through the MWAW scanner and the result is below... I'm going to carry out the procedure that was recommended to me...
Přemístění hodnot registrů: ******** (shell) Previous Value: [C:\PROGRA~2\Aston\aston.exe ,svchost.exe], New Value: [Explorer.exe]
Objekt "Conducent FlexPak Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Spyware.PCAgent Commercial KeyLogger" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Windows\system32\Dvbpws.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files (x86)\Zoner\Photo Studio 11\Program\zoner.photo.studio.v11.0.1.3.enterprise.czech-patch.exe je infikovaný virem Backdoor.Generic.133975 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Windows\System32\Dvbpws.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Windows\SysWOW64\Dvbpws.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Install\ArchiCAD 12 CZE\3.Patch\archicad.12.build.2285-patch.SQL.fix.x.Z.t.exe je infikovaný virem Backdoor.Bot.61379 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Install\artlantis.studio.2.0-patch.by.x.Z.rar je infikovaný virem Trojan.Generic.1242060 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Install\driver\keygen.exe je infikovaný virem Trojan.Generic.1053803 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Install\Nexis.v3.40.11.CZECH-dT\SETUP\crack.exe je infikovaný virem Trojan.Generic.1903892 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Install\Nexis.v3.40.11.CZECH-dT\SETUP\data1.cab je infikovaný virem Gen:Trojan.Heur.VB.bm0@dmyhKTci (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Install\Zoner 11\crack\zoner.photo.studio.v11.0.1.3.enterprise.czech-patch.exe je infikovaný virem Backdoor.Generic.133975 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Stahuj\170603373_Hanys\Crack_for_LFS_patch_V.rar je infikovaný virem Trojan.Generic.1007859 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Stahuj\170603373_Hanys\Live For Speed Y Unlocker 1.rar je infikovaný virem Trojan.Generic.2404183 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Stahuj\crack\LFS.exe je infikovaný virem Trojan.Generic.1007859 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Stahuj\ip-patch.rar je infikovaný virem Trojan.Generic.776714 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\Výpal\Gamesy\LFS Z\ip-patch.exe je infikovaný virem Trojan.Generic.776714 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
I went through it following the procedure, and when fixing the item "O1 - Hosts: ::1 localhost" in HiJackThis it threw some error and did not fix it, but the others were fixed. I ran ATF Cleaner and Malwarebytes too, and the latter reported "Žádné škodlivé položky nebyly zjištěny" (no malicious items were detected).
- jaro3
- Security team member
Re: PC freezing x Avast
You should delete these:
C:\Program Files (x86)\Zoner\Photo Studio 11\Program\zoner.photo.studio.v11.0.1.3.enterprise.czech-patch.exe
D:\Install\ArchiCAD 12 CZE\3.Patch\archicad.12.build.2285-patch.SQL.fix.x.Z.t.exe
D:\Install\artlantis.studio.2.0-patch.by.x.Z.rar
D:\Install\driver\keygen.exe
D:\Install\Nexis.v3.40.11.CZECH-dT\SETUP\crack.exe
D:\Install\Nexis.v3.40.11.CZECH-dT\SETUP\data1.cab
D:\Install\Zoner 11\crack\zoner.photo.studio.v11.0.1.3.enterprise.czech-patch.exe
D:\Stahuj\170603373_Hanys\Crack_for_LFS_patch_V.rar
D:\Stahuj\170603373_Hanys\Live For Speed Y Unlocker 1.rar
D:\Stahuj\crack\LFS.exe
D:\Stahuj\ip-patch.rar
D:\Výpal\Gamesy\LFS Z\ip-patch.exe
*****************************************************************************************************************************************
Download OTH
to your desktop (if you use Firefox, right-click the OTH link and choose Save as...).
Download OTL
to your desktop (if you use Firefox, right-click the OTL link and choose Save as...).
Download the file Scan.txt
to your desktop (if you use Firefox, right-click the OTL link and choose Save as...).
Double-click the OTH file on your desktop; once the program starts, click Kill All Processes. Then click Start OTL. Double-click in the empty window under Custom Scans/Fixes (Custom Scans box). A message appears: Click OK to select the file path, click Cancel to cancel the selection.
Click OK. An Explorer window appears; click the desktop there and find the file Scan.txt on it. Click Open.
Then click Quick Scan. Do not change any other settings. The scan may take a long time.
When the scan finishes, two logs appear on the desktop:
OTL.Txt and Extras.Txt; they are saved in the same location as OTL.
Please copy the full contents of both logs here.
Re: PC freezing x Avast
I did it following the procedure, but it only spat out the OTL.txt text file, see below...
OTL logfile created on: 12.5.2010 8:53:38 - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = D:\Install\Antiviry, čističe
64bit-Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 84,00% Memory free
19,00 Gb Paging File | 18,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): d:\pagefile.sys 12000 12000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,41 Gb Total Space | 2,39 Gb Free Space | 9,79% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 3,10 Gb Free Space | 2,48% Space Free | Partition Type: NTFS
Drive E: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALARMA-PC
Current User Name: ALARMA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
PRC - D:\Install\Antiviry, čističe\OTH.scr (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (SafeList) ==========
MOD - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\audiodev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\GdiPlus.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ()
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys ()
DRV:64bit: - (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s916mgmt.sys ()
DRV:64bit: - (s916mdm) -- C:\Windows\SysNative\DRIVERS\s916mdm.sys ()
DRV:64bit: - (s916bus) Sony Ericsson Device 916 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s916bus.sys ()
DRV:64bit: - (s916mdfl) -- C:\Windows\SysNative\DRIVERS\s916mdfl.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys ()
DRV:64bit: - (CX88VID) -- C:\Windows\SysNative\drivers\cxavsvid.sys ()
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys ()
DRV:64bit: - (LUM) -- C:\Windows\SysNative\drivers\LUM.sys ()
DRV:64bit: - (WIBUKEY) -- C:\Windows\SysNative\DRIVERS\WibuKey64.sys ()
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (BthPan) Zařízení Bluetooth (síť PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (usbvideo) Zobrazovací zařízení USB (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (RFCOMM) Zařízení Bluetooth (RFCOMM protokol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (usbaudio) Ovladač zvuků USB (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys ()
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys ()
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys ()
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys ()
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2008.09.11 11:31:13 | 000,000,000 | ---D | M]
DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {24cc1362-11c6-4918-a2c0-b9ee5a563185}:2.5.2.13
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.43
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.25 21:45:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.06 11:05:10 | 000,000,000 | ---D | M]
[2008.12.17 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] (ArchiBar Toolbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2008.12.17 23:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008.12.17 23:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.18 11:56:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.06 11:05:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.17 23:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009.11.06 11:05:34 | 001,012,832 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdevalvr.dll
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.05.05 12:59:50 | 000,393,134 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13577 more lines...
O2 - BHO: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\ALARMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gest – zástupce.lnk = C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.81.64.34 88.81.92.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\PROGRA~2\Aston\aston.exe) - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.05 10:53:54 | 000,000,252 | -H-- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2006.11.02 15:34:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2006.11.02 15:34:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.05.11 21:09:57 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.05.11 21:04:37 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.11 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.05.11 21:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.05.03 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2010.05.02 12:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2010.04.27 12:22:24 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\My Digital Editions
[2010.04.07 13:23:59 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp 5
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp 5
[2010.04.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webteh
[2010.03.30 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2010.03.22 11:47:13 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Desktop\PCS Diag
[2010.03.22 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Sony Ericsson
[2010.03.22 11:20:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.22 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2010.03.22 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2010.03.12 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Tiger Woods PGA TOUR 08
[2010.03.07 12:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artlantis Studio 3.0.2
[2010.02.22 00:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cabela's Outdoor Adventures Saves
[2008.12.24 23:16:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2008.12.24 23:16:24 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2008.12.24 23:16:23 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2008.12.24 23:16:22 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2008.12.24 23:16:22 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2008.12.24 23:16:22 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2008.12.24 23:16:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2008.12.24 23:16:21 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2008.12.24 23:16:21 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2008.12.24 23:16:20 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.05.12 08:53:29 | 007,602,176 | -HS- | M] () -- C:\Users\ALARMA\NTUSER.DAT
[2010.05.12 08:47:44 | 001,267,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.12 08:47:44 | 000,612,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.12 08:47:44 | 000,476,608 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.05.12 08:47:44 | 000,104,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.12 08:47:44 | 000,082,366 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.05.12 08:42:15 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.12 08:41:56 | 002,679,736 | -H-- | M] () -- C:\Users\ALARMA\AppData\Local\IconCache.db
[2010.05.12 08:41:55 | 000,000,246 | ---- | M] () -- C:\Windows\win.ini
[2010.05.12 08:41:12 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.12 08:41:01 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 08:41:01 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 08:41:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.12 08:40:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 01:58:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.12 00:14:07 | 000,000,176 | ---- | M] () -- C:\Users\ALARMA\Documents\pinfect.zip
[2010.05.12 00:00:33 | 000,393,117 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010.05.11 23:14:36 | 000,000,002 | ---- | M] () -- C:\Windows\SysWow64\Dvbpws.dll
[2010.05.11 21:09:55 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010.05.11 21:04:36 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.07 09:03:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.05 12:59:50 | 000,393,134 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.04 16:01:29 | 000,103,424 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.29 13:01:35 | 000,393,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
[2010.04.22 09:22:13 | 000,392,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
[2010.04.16 15:33:33 | 000,392,016 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
[2010.04.12 08:56:51 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
[2010.04.06 22:26:34 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
[2010.04.02 11:49:51 | 000,058,768 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.02 08:40:22 | 000,272,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.25 23:19:49 | 000,381,028 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup
[2010.03.22 11:20:56 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.19 23:25:19 | 000,380,776 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup
[2010.03.05 15:10:30 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup
[2010.02.28 20:05:38 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup
[2010.02.22 09:45:00 | 000,380,221 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup
[2010.02.16 17:32:46 | 000,378,519 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.05.12 00:14:07 | 000,000,176 | ---- | C] () -- C:\Users\ALARMA\Documents\pinfect.zip
[2010.05.11 21:04:37 | 000,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest
[2010.03.30 15:17:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.03.22 11:20:52 | 000,034,032 | ---- | C] () -- C:\Windows\SysNative\drivers\seehcri.sys
[2010.01.09 00:27:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.29 19:54:33 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2009.09.26 19:19:52 | 000,000,142 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.04.28 17:34:12 | 000,000,100 | ---- | C] () -- C:\Windows\WDLS.INI
[2009.03.10 10:37:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC.dll
[2009.01.25 18:13:09 | 000,000,307 | ---- | C] () -- C:\Windows\game.ini
[2008.12.24 23:16:24 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2008.12.24 23:16:24 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2008.12.24 23:16:23 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lxdnjswr.dll
[2008.12.24 23:16:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxdninsr.dll
[2008.12.20 10:28:31 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll
[2008.12.20 10:27:44 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.10.27 07:56:16 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.09 18:30:04 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.18 19:32:59 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008.09.14 15:57:57 | 001,286,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.11 12:45:01 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008.09.11 12:45:01 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008.09.11 12:44:50 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2008.09.11 12:44:50 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2008.09.11 11:43:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.11.21 02:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007.11.21 01:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.03 00:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007.06.07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.09 09:42:00 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2007.03.20 17:23:56 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2006.11.02 14:20:47 | 000,055,858 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 14:18:05 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2008.09.15 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent
[2010.03.07 03:09:59 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis2
[2010.04.27 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis3
[2008.10.09 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Alchemy Mindworks
[2008.09.15 15:22:14 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Aston
[2010.04.16 11:59:36 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\BSplayer PRO
[2009.05.13 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\COWON
[2008.09.11 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DAEMON Tools
[2009.03.01 00:58:45 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DassaultSystemes
[2008.09.22 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\EBookSys
[2008.09.11 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\ESET
[2008.12.01 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\FlashGet
[2009.01.04 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\GHISLER
[2010.01.23 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Graphisoft
[2008.12.24 23:42:46 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Lexmark Productivity Studio
[2008.10.09 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mioObjects
[2010.05.03 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2009.03.10 10:37:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\pdfMachine
[2010.01.29 11:24:43 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PeerNetworking
[2008.10.09 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Planetside Software
[2008.10.01 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Sony
[2008.10.09 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uk.co.planetside
[2010.05.11 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uTorrent
[2009.11.20 23:58:34 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\VitySoft
[2008.11.16 00:18:07 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Zoner
[2010.05.12 01:58:22 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006.11.02 11:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2008.09.11 12:28:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007.03.17 13:41:22 | 000,171,136 | RHS- | M] () -- C:\grldr
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010.05.11 10:04:35 | 000,000,103 | ---- | M] () -- C:\mbam-error.txt
[2010.05.12 08:41:44 | 000,000,122 | ---- | M] () -- C:\service.log
[2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
OTL logfile created on: 12.5.2010 8:53:38 - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = D:\Install\Antiviry, čističe
64bit-Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 84,00% Memory free
19,00 Gb Paging File | 18,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): d:\pagefile.sys 12000 12000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,41 Gb Total Space | 2,39 Gb Free Space | 9,79% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 3,10 Gb Free Space | 2,48% Space Free | Partition Type: NTFS
Drive E: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALARMA-PC
Current User Name: ALARMA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
PRC - D:\Install\Antiviry, čističe\OTH.scr (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (SafeList) ==========
MOD - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\audiodev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\GdiPlus.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ()
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys ()
DRV:64bit: - (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s916mgmt.sys ()
DRV:64bit: - (s916mdm) -- C:\Windows\SysNative\DRIVERS\s916mdm.sys ()
DRV:64bit: - (s916bus) Sony Ericsson Device 916 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s916bus.sys ()
DRV:64bit: - (s916mdfl) -- C:\Windows\SysNative\DRIVERS\s916mdfl.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys ()
DRV:64bit: - (CX88VID) -- C:\Windows\SysNative\drivers\cxavsvid.sys ()
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys ()
DRV:64bit: - (LUM) -- C:\Windows\SysNative\drivers\LUM.sys ()
DRV:64bit: - (WIBUKEY) -- C:\Windows\SysNative\DRIVERS\WibuKey64.sys ()
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (BthPan) Zařízení Bluetooth (síť PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (usbvideo) Zobrazovací zařízení USB (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (RFCOMM) Zařízení Bluetooth (RFCOMM protokol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (usbaudio) Ovladač zvuků USB (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys ()
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys ()
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys ()
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys ()
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2008.09.11 11:31:13 | 000,000,000 | ---D | M]
DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {24cc1362-11c6-4918-a2c0-b9ee5a563185}:2.5.2.13
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.43
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.25 21:45:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.06 11:05:10 | 000,000,000 | ---D | M]
[2008.12.17 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] (ArchiBar Toolbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2008.12.17 23:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008.12.17 23:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.18 11:56:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.06 11:05:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.17 23:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009.11.06 11:05:34 | 001,012,832 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdevalvr.dll
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.05.05 12:59:50 | 000,393,134 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13577 more lines...
O2 - BHO: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\ALARMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gest – zástupce.lnk = C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.81.64.34 88.81.92.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\PROGRA~2\Aston\aston.exe) - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.05 10:53:54 | 000,000,252 | -H-- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2006.11.02 15:34:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2006.11.02 15:34:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.05.11 21:09:57 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.05.11 21:04:37 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.11 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.05.11 21:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.05.03 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2010.05.02 12:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2010.04.27 12:22:24 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\My Digital Editions
[2010.04.07 13:23:59 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp 5
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp 5
[2010.04.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webteh
[2010.03.30 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2010.03.22 11:47:13 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Desktop\PCS Diag
[2010.03.22 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Sony Ericsson
[2010.03.22 11:20:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.22 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2010.03.22 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2010.03.12 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Tiger Woods PGA TOUR 08
[2010.03.07 12:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artlantis Studio 3.0.2
[2010.02.22 00:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cabela's Outdoor Adventures Saves
[2008.12.24 23:16:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2008.12.24 23:16:24 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2008.12.24 23:16:23 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2008.12.24 23:16:22 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2008.12.24 23:16:22 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2008.12.24 23:16:22 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2008.12.24 23:16:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2008.12.24 23:16:21 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2008.12.24 23:16:21 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2008.12.24 23:16:20 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.05.12 08:53:29 | 007,602,176 | -HS- | M] () -- C:\Users\ALARMA\NTUSER.DAT
[2010.05.12 08:47:44 | 001,267,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.12 08:47:44 | 000,612,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.12 08:47:44 | 000,476,608 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.05.12 08:47:44 | 000,104,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.12 08:47:44 | 000,082,366 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.05.12 08:42:15 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.12 08:41:56 | 002,679,736 | -H-- | M] () -- C:\Users\ALARMA\AppData\Local\IconCache.db
[2010.05.12 08:41:55 | 000,000,246 | ---- | M] () -- C:\Windows\win.ini
[2010.05.12 08:41:12 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.12 08:41:01 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 08:41:01 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 08:41:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.12 08:40:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 01:58:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.12 00:14:07 | 000,000,176 | ---- | M] () -- C:\Users\ALARMA\Documents\pinfect.zip
[2010.05.12 00:00:33 | 000,393,117 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010.05.11 23:14:36 | 000,000,002 | ---- | M] () -- C:\Windows\SysWow64\Dvbpws.dll
[2010.05.11 21:09:55 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010.05.11 21:04:36 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.07 09:03:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.05 12:59:50 | 000,393,134 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.04 16:01:29 | 000,103,424 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.29 13:01:35 | 000,393,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
[2010.04.22 09:22:13 | 000,392,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
[2010.04.16 15:33:33 | 000,392,016 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
[2010.04.12 08:56:51 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
[2010.04.06 22:26:34 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
[2010.04.02 11:49:51 | 000,058,768 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.02 08:40:22 | 000,272,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.25 23:19:49 | 000,381,028 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup
[2010.03.22 11:20:56 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.19 23:25:19 | 000,380,776 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup
[2010.03.05 15:10:30 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup
[2010.02.28 20:05:38 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup
[2010.02.22 09:45:00 | 000,380,221 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup
[2010.02.16 17:32:46 | 000,378,519 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.05.12 00:14:07 | 000,000,176 | ---- | C] () -- C:\Users\ALARMA\Documents\pinfect.zip
[2010.05.11 21:04:37 | 000,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest
[2010.03.30 15:17:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.03.22 11:20:52 | 000,034,032 | ---- | C] () -- C:\Windows\SysNative\drivers\seehcri.sys
[2010.01.09 00:27:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.29 19:54:33 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2009.09.26 19:19:52 | 000,000,142 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.04.28 17:34:12 | 000,000,100 | ---- | C] () -- C:\Windows\WDLS.INI
[2009.03.10 10:37:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC.dll
[2009.01.25 18:13:09 | 000,000,307 | ---- | C] () -- C:\Windows\game.ini
[2008.12.24 23:16:24 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2008.12.24 23:16:24 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2008.12.24 23:16:23 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lxdnjswr.dll
[2008.12.24 23:16:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxdninsr.dll
[2008.12.20 10:28:31 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll
[2008.12.20 10:27:44 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.10.27 07:56:16 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.09 18:30:04 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.18 19:32:59 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008.09.14 15:57:57 | 001,286,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.11 12:45:01 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008.09.11 12:45:01 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008.09.11 12:44:50 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2008.09.11 12:44:50 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2008.09.11 11:43:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.11.21 02:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007.11.21 01:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.03 00:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007.06.07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.09 09:42:00 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2007.03.20 17:23:56 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2006.11.02 14:20:47 | 000,055,858 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 14:18:05 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2008.09.15 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent
[2010.03.07 03:09:59 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis2
[2010.04.27 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis3
[2008.10.09 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Alchemy Mindworks
[2008.09.15 15:22:14 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Aston
[2010.04.16 11:59:36 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\BSplayer PRO
[2009.05.13 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\COWON
[2008.09.11 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DAEMON Tools
[2009.03.01 00:58:45 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DassaultSystemes
[2008.09.22 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\EBookSys
[2008.09.11 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\ESET
[2008.12.01 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\FlashGet
[2009.01.04 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\GHISLER
[2010.01.23 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Graphisoft
[2008.12.24 23:42:46 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Lexmark Productivity Studio
[2008.10.09 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mioObjects
[2010.05.03 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2009.03.10 10:37:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\pdfMachine
[2010.01.29 11:24:43 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PeerNetworking
[2008.10.09 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Planetside Software
[2008.10.01 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Sony
[2008.10.09 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uk.co.planetside
[2010.05.11 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uTorrent
[2009.11.20 23:58:34 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\VitySoft
[2008.11.16 00:18:07 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Zoner
[2010.05.12 01:58:22 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006.11.02 11:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2008.09.11 12:28:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007.03.17 13:41:22 | 000,171,136 | RHS- | M] () -- C:\grldr
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010.05.11 10:04:35 | 000,000,103 | ---- | M] () -- C:\mbam-error.txt
[2010.05.12 08:41:44 | 000,000,122 | ---- | M] () -- C:\service.log
[2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
- jaro3
- Security team member
Re: PC freezing x Avast
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O1 HOSTS File: ([2010.05.05 12:59:50 | 000,393,134 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13577 more lines...
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (autocheck autochk) - File not found
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
c:\windows\Tasks\*.job /s
C:\Windows\VDLL.DLL
C:\Windows\SysWow64\runouce.exe
C:\ProgramData\nvModes.dat
C:\Windows\tasks\SA.DAT
C:\Windows\bthservsdp.dat
C:\Users\ALARMA\Documents\pinfect.zip
C:\Windows\SysNative\drivers\etc\hosts.new
C:\Windows\SysWow64\Dvbpws.dll
c:\Users\ALARMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup
C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup
C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup
C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup
C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup
C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\ProgramData\*.tmp
C:\Windows\GSetup.ini
C:\Windows\system32\*.tmp
:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
In Folder Options, enable the display of hidden files and folders, and uncheck "Hide protected operating system files".
Test these on VirusTotal:
C:\ProgramData\hpeF0D5.dll
C:\install.exe
C:\install.ini
If a file has already been tested, click to test it again.
When all the antivirus engines have finished, paste the links to the results pages here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: PC freezing x Avast
so here it is...
OTL:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
127.0.0.1 localhost removed from HOSTS file successfully
::1 localhost removed from HOSTS file successfully
127.0.0.1 www.007guard.com removed from HOSTS file successfully
127.0.0.1 007guard.com removed from HOSTS file successfully
127.0.0.1 008i.com removed from HOSTS file successfully
127.0.0.1 www.008k.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 www.00hq.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
127.0.0.1 010402.com removed from HOSTS file successfully
127.0.0.1 www.032439.com removed from HOSTS file successfully
127.0.0.1 032439.com removed from HOSTS file successfully
127.0.0.1 www.0scan.com removed from HOSTS file successfully
127.0.0.1 0scan.com removed from HOSTS file successfully
127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
127.0.0.1 1001namen.com removed from HOSTS file successfully
127.0.0.1 100888290cs.com removed from HOSTS file successfully
127.0.0.1 www.100sexlinks.com removed from HOSTS file successfully
127.0.0.1 100sexlinks.com removed from HOSTS file successfully
127.0.0.1 10sek.com removed from HOSTS file successfully
127.0.0.1 www.1-2005-search.com removed from HOSTS file successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk deleted successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\~.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5189.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1C65.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDC4A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDFC3.tmp folder moved successfully.
C:\WINDOWS\Installer\MSIE610.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACA370.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
C:\Windows\VDLL.DLL folder moved successfully.
C:\Windows\SysWow64\runouce.exe folder moved successfully.
C:\ProgramData\nvModes.dat moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
C:\Windows\bthservsdp.dat moved successfully.
C:\Users\ALARMA\Documents\pinfect.zip moved successfully.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.new scheduled to be moved on reboot.
C:\Windows\SysWow64\Dvbpws.dll moved successfully.
c:\Users\ALARMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup scheduled to be moved on reboot.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File move failed. C:\Windows\SysNative\SETD665.tmp scheduled to be moved on reboot.
C:\ProgramData\SPLA776.tmp moved successfully.
C:\Windows\GSetup.ini moved successfully.
File\Folder C:\Windows\system32\*.tmp not found.
========== REGISTRY ==========
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: ALARMA
->Temp folder emptied: 172 bytes
->Temporary Internet Files folder emptied: 5611739 bytes
->Java cache emptied: 8486616 bytes
->FireFox cache emptied: 43910265 bytes
->Flash cache emptied: 992961 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 84 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 81616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26294 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 56,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05122010_110604
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\drivers\etc\hosts.new scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETD665.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI4YVDBH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8Z8NP8D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K82YF037\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWA0T88Y\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
and the links....
http://www.virustotal.com/cs/analisis/4 ... 1273656350
http://www.virustotal.com/cs/analisis/0 ... 1273656213
http://www.virustotal.com/cs/analisis/6 ... 1273656430
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
Re: PC freezing x Avast
Double-click the OTL by OldTimer icon again and, under Custom Scans/Fixes, paste the following text (shown in green):
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Don't change any settings, just click Run Scan and let the scan finish. When a text file appears, please paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: PC freezing x Avast
OTL logfile created on: 12.5.2010 14:10:57 - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = D:\Install\Antiviry, čističe
64bit-Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 78,00% Memory free
19,00 Gb Paging File | 18,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): d:\pagefile.sys 12000 12000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,41 Gb Total Space | 2,83 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 3,08 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive E: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALARMA-PC
Current User Name: ALARMA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Winamp 5\winamp.exe (Nullsoft)
PRC - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
PRC - C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\DVBTAP.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
PRC - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Aston\XP\internat.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Aston\aHook.dll ()
MOD - C:\Program Files (x86)\Aston\XP\indicdll.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ()
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys ()
DRV:64bit: - (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s916mgmt.sys ()
DRV:64bit: - (s916mdm) -- C:\Windows\SysNative\DRIVERS\s916mdm.sys ()
DRV:64bit: - (s916bus) Sony Ericsson Device 916 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s916bus.sys ()
DRV:64bit: - (s916mdfl) -- C:\Windows\SysNative\DRIVERS\s916mdfl.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys ()
DRV:64bit: - (CX88VID) -- C:\Windows\SysNative\drivers\cxavsvid.sys ()
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys ()
DRV:64bit: - (LUM) -- C:\Windows\SysNative\drivers\LUM.sys ()
DRV:64bit: - (WIBUKEY) -- C:\Windows\SysNative\DRIVERS\WibuKey64.sys ()
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (BthPan) Zařízení Bluetooth (síť PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (usbvideo) Zobrazovací zařízení USB (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (RFCOMM) Zařízení Bluetooth (RFCOMM protokol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (usbaudio) Ovladač zvuků USB (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys ()
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys ()
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys ()
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys ()
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2008.09.11 11:31:13 | 000,000,000 | ---D | M]
DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {24cc1362-11c6-4918-a2c0-b9ee5a563185}:2.5.2.13
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.43
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.25 21:45:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.06 11:05:10 | 000,000,000 | ---D | M]
[2008.12.17 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] (ArchiBar Toolbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2008.12.17 23:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008.12.17 23:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.18 11:56:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.06 11:05:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.17 23:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009.11.06 11:05:34 | 001,012,832 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdevalvr.dll
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.05.12 11:08:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\ALARMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gest – zástupce.lnk = C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.81.64.34 88.81.92.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\PROGRA~2\Aston\aston.exe) - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.05 10:53:54 | 000,000,252 | -H-- | M] () - D:\autoexec.bat -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2006.11.02 15:34:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2006.11.02 15:34:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.05.11 21:04:37 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.11 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.05.11 21:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.05.03 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2010.05.02 12:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2010.04.27 12:22:24 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\My Digital Editions
[2010.04.07 13:23:59 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp 5
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp 5
[2010.04.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webteh
[2010.03.30 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2010.03.22 11:47:13 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Desktop\PCS Diag
[2010.03.22 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Sony Ericsson
[2010.03.22 11:20:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.22 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2010.03.22 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2010.03.12 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Tiger Woods PGA TOUR 08
[2010.03.07 12:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artlantis Studio 3.0.2
[2010.02.22 00:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cabela's Outdoor Adventures Saves
[2008.12.24 23:16:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2008.12.24 23:16:24 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2008.12.24 23:16:23 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2008.12.24 23:16:22 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2008.12.24 23:16:22 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2008.12.24 23:16:22 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2008.12.24 23:16:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2008.12.24 23:16:21 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2008.12.24 23:16:21 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2008.12.24 23:16:20 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.05.12 14:10:21 | 007,602,176 | -HS- | M] () -- C:\Users\ALARMA\NTUSER.DAT
[2010.05.12 14:09:48 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 14:09:48 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 11:16:08 | 001,267,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.12 11:16:08 | 000,612,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.12 11:16:08 | 000,476,608 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.05.12 11:16:08 | 000,104,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.12 11:16:08 | 000,082,366 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.05.12 11:10:38 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.12 11:10:38 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.12 11:09:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.12 11:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 11:08:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.12 09:10:44 | 000,000,246 | ---- | M] () -- C:\Windows\win.ini
[2010.05.12 08:41:56 | 002,679,736 | -H-- | M] () -- C:\Users\ALARMA\AppData\Local\IconCache.db
[2010.05.12 00:00:33 | 000,393,117 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010.05.11 21:09:55 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010.05.11 21:04:36 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.07 09:03:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.29 13:01:35 | 000,393,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
[2010.04.22 09:22:13 | 000,392,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
[2010.04.16 15:33:33 | 000,392,016 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
[2010.04.12 08:56:51 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
[2010.04.06 22:26:34 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
[2010.04.02 11:49:51 | 000,058,768 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.02 08:40:22 | 000,272,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.25 23:19:49 | 000,381,028 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup
[2010.03.22 11:20:56 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.19 23:25:19 | 000,380,776 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup
[2010.03.05 15:10:30 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup
[2010.02.28 20:05:38 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup
[2010.02.22 09:45:00 | 000,380,221 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup
[2010.02.16 17:32:46 | 000,378,519 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.05.12 11:09:47 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.11 21:04:37 | 000,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest
[2010.03.22 11:20:52 | 000,034,032 | ---- | C] () -- C:\Windows\SysNative\drivers\seehcri.sys
[2010.01.09 00:27:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.29 19:54:33 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2009.09.26 19:19:52 | 000,000,142 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.04.28 17:34:12 | 000,000,100 | ---- | C] () -- C:\Windows\WDLS.INI
[2009.03.10 10:37:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC.dll
[2009.01.25 18:13:09 | 000,000,307 | ---- | C] () -- C:\Windows\game.ini
[2008.12.24 23:16:24 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2008.12.24 23:16:24 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2008.12.24 23:16:23 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lxdnjswr.dll
[2008.12.24 23:16:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxdninsr.dll
[2008.12.20 10:27:44 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.10.27 07:56:16 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.09 18:30:04 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.18 19:32:59 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008.09.14 15:57:57 | 001,286,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.11 12:45:01 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008.09.11 12:45:01 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008.09.11 12:44:50 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2008.09.11 12:44:50 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.11.21 02:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007.11.21 01:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.03 00:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007.06.07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.09 09:42:00 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2007.03.20 17:23:56 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2006.11.02 14:20:47 | 000,055,858 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 14:18:05 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2008.09.15 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent
[2010.03.07 03:09:59 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis2
[2010.04.27 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis3
[2008.10.09 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Alchemy Mindworks
[2008.09.15 15:22:14 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Aston
[2010.04.16 11:59:36 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\BSplayer PRO
[2009.05.13 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\COWON
[2008.09.11 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DAEMON Tools
[2009.03.01 00:58:45 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DassaultSystemes
[2008.09.22 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\EBookSys
[2008.09.11 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\ESET
[2008.12.01 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\FlashGet
[2009.01.04 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\GHISLER
[2010.01.23 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Graphisoft
[2008.12.24 23:42:46 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Lexmark Productivity Studio
[2008.10.09 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mioObjects
[2010.05.03 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2009.03.10 10:37:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\pdfMachine
[2010.01.29 11:24:43 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PeerNetworking
[2008.10.09 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Planetside Software
[2008.10.01 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Sony
[2008.10.09 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uk.co.planetside
[2010.05.11 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uTorrent
[2009.11.20 23:58:34 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\VitySoft
[2008.11.16 00:18:07 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Zoner
[2010.05.12 11:08:36 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\SysWOW64\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\SysWOW64\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
< MD5 for: SCECLI.DLL >
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\SysWOW64\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\SysWOW64\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
OTL by OldTimer - Version 3.2.4.1 Folder = D:\Install\Antiviry, čističe
64bit-Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 78,00% Memory free
19,00 Gb Paging File | 18,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): d:\pagefile.sys 12000 12000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,41 Gb Total Space | 2,83 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 3,08 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive E: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALARMA-PC
Current User Name: ALARMA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Winamp 5\winamp.exe (Nullsoft)
PRC - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
PRC - C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\DVBTAP.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
PRC - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Aston\XP\internat.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - D:\Install\Antiviry, čističe\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Aston\aHook.dll ()
MOD - C:\Program Files (x86)\Aston\XP\indicdll.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ()
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys ()
DRV:64bit: - (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s916mgmt.sys ()
DRV:64bit: - (s916mdm) -- C:\Windows\SysNative\DRIVERS\s916mdm.sys ()
DRV:64bit: - (s916bus) Sony Ericsson Device 916 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s916bus.sys ()
DRV:64bit: - (s916mdfl) -- C:\Windows\SysNative\DRIVERS\s916mdfl.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys ()
DRV:64bit: - (CX88VID) -- C:\Windows\SysNative\drivers\cxavsvid.sys ()
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys ()
DRV:64bit: - (LUM) -- C:\Windows\SysNative\drivers\LUM.sys ()
DRV:64bit: - (WIBUKEY) -- C:\Windows\SysNative\DRIVERS\WibuKey64.sys ()
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (BthPan) Zařízení Bluetooth (síť PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (usbvideo) Zobrazovací zařízení USB (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (RFCOMM) Zařízení Bluetooth (RFCOMM protokol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (usbaudio) Ovladač zvuků USB (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys ()
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys ()
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys ()
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys ()
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2008.09.11 11:31:13 | 000,000,000 | ---D | M]
DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {24cc1362-11c6-4918-a2c0-b9ee5a563185}:2.5.2.13
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.43
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.25 21:45:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.06 11:05:10 | 000,000,000 | ---D | M]
[2008.12.17 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions
[2009.12.22 13:21:28 | 000,000,000 | ---D | M] (ArchiBar Toolbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2008.12.17 23:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008.12.17 23:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.18 11:56:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ALARMA\AppData\Roaming\Mozilla\Firefox\Profiles\hdswhmu6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.06 11:05:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.17 23:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009.11.06 11:05:34 | 001,012,832 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdevalvr.dll
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.05.12 11:08:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast PVR2\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files (x86)\WinFast PVR2\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\ALARMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gest – zástupce.lnk = C:\Program Files (x86)\GIGABYTE\GEST\gest.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.81.64.34 88.81.92.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\PROGRA~2\Aston\aston.exe) - C:\Program Files (x86)\Aston\Aston.exe (Gladiators Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.05 10:53:54 | 000,000,252 | -H-- | M] () - D:\autoexec.bat -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2006.11.02 15:34:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2006.11.02 15:34:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.05.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.05.11 21:04:37 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.11 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.05.11 21:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.05.03 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2010.05.02 12:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2010.04.27 12:22:24 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\My Digital Editions
[2010.04.07 13:23:59 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\AppData\Roaming\Winamp 5
[2010.04.07 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp 5
[2010.04.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webteh
[2010.03.30 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2010.03.22 11:47:13 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Desktop\PCS Diag
[2010.03.22 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Sony Ericsson
[2010.03.22 11:20:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.22 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2010.03.22 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2010.03.12 13:43:40 | 000,000,000 | ---D | C] -- C:\Users\ALARMA\Documents\Tiger Woods PGA TOUR 08
[2010.03.07 12:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artlantis Studio 3.0.2
[2010.02.22 00:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cabela's Outdoor Adventures Saves
[2008.12.24 23:16:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2008.12.24 23:16:24 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2008.12.24 23:16:23 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2008.12.24 23:16:22 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2008.12.24 23:16:22 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2008.12.24 23:16:22 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2008.12.24 23:16:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2008.12.24 23:16:21 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2008.12.24 23:16:21 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2008.12.24 23:16:20 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.05.12 14:10:21 | 007,602,176 | -HS- | M] () -- C:\Users\ALARMA\NTUSER.DAT
[2010.05.12 14:09:48 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 14:09:48 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 11:16:08 | 001,267,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.12 11:16:08 | 000,612,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.12 11:16:08 | 000,476,608 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.05.12 11:16:08 | 000,104,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.12 11:16:08 | 000,082,366 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.05.12 11:10:38 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.12 11:10:38 | 000,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.12 11:09:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.12 11:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 11:08:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.12 09:10:44 | 000,000,246 | ---- | M] () -- C:\Windows\win.ini
[2010.05.12 08:41:56 | 002,679,736 | -H-- | M] () -- C:\Users\ALARMA\AppData\Local\IconCache.db
[2010.05.12 00:00:33 | 000,393,117 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010.05.11 21:09:55 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010.05.11 21:04:36 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.05.07 09:03:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.29 13:01:35 | 000,393,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
[2010.04.22 09:22:13 | 000,392,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
[2010.04.16 15:33:33 | 000,392,016 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
[2010.04.12 08:56:51 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
[2010.04.06 22:26:34 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
[2010.04.02 11:49:51 | 000,058,768 | ---- | M] () -- C:\Users\ALARMA\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.02 08:40:22 | 000,272,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.25 23:19:49 | 000,381,028 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100406-222634.backup
[2010.03.22 11:20:56 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeF0D5.dll
[2010.03.19 23:25:19 | 000,380,776 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100325-221949.backup
[2010.03.05 15:10:30 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100319-222519.backup
[2010.02.28 20:05:38 | 000,380,325 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100305-141030.backup
[2010.02.22 09:45:00 | 000,380,221 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100228-190538.backup
[2010.02.16 17:32:46 | 000,378,519 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100222-084500.backup
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.05.12 11:09:47 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.11 21:04:37 | 000,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest
[2010.03.22 11:20:52 | 000,034,032 | ---- | C] () -- C:\Windows\SysNative\drivers\seehcri.sys
[2010.01.09 00:27:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.29 19:54:33 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2009.09.26 19:19:52 | 000,000,142 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.04.28 17:34:12 | 000,000,100 | ---- | C] () -- C:\Windows\WDLS.INI
[2009.03.10 10:37:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC.dll
[2009.01.25 18:13:09 | 000,000,307 | ---- | C] () -- C:\Windows\game.ini
[2008.12.24 23:16:24 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2008.12.24 23:16:24 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2008.12.24 23:16:23 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lxdnjswr.dll
[2008.12.24 23:16:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxdninsr.dll
[2008.12.20 10:27:44 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.10.27 07:56:16 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.09 18:30:04 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.18 19:32:59 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008.09.14 15:57:57 | 001,286,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.11 12:45:01 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2008.09.11 12:45:01 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008.09.11 12:44:50 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2008.09.11 12:44:50 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.11.21 02:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007.11.21 01:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.03 00:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007.06.07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.09 09:42:00 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2007.03.20 17:23:56 | 000,001,669 | ---- | C] () -- C:\Windows\P17EP.ini
[2006.11.02 14:20:47 | 000,055,858 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 14:18:05 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2008.09.15 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent
[2010.03.07 03:09:59 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis2
[2010.04.27 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Abvent_Artlantis3
[2008.10.09 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Alchemy Mindworks
[2008.09.15 15:22:14 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Aston
[2010.04.16 11:59:36 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\BSplayer PRO
[2009.05.13 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\COWON
[2008.09.11 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DAEMON Tools
[2009.03.01 00:58:45 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\DassaultSystemes
[2008.09.22 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\EBookSys
[2008.09.11 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\ESET
[2008.12.01 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\FlashGet
[2009.01.04 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\GHISLER
[2010.01.23 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Graphisoft
[2008.12.24 23:42:46 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Lexmark Productivity Studio
[2008.10.09 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\mioObjects
[2010.05.03 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PDF reDirect
[2009.03.10 10:37:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\pdfMachine
[2010.01.29 11:24:43 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\PeerNetworking
[2008.10.09 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Planetside Software
[2008.10.01 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Sony
[2008.10.09 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uk.co.planetside
[2010.05.11 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\uTorrent
[2009.11.20 23:58:34 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\VitySoft
[2008.11.16 00:18:07 | 000,000,000 | ---D | M] -- C:\Users\ALARMA\AppData\Roaming\Zoner
[2010.05.12 11:08:36 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\SysWOW64\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\SysWOW64\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
< MD5 for: SCECLI.DLL >
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\SysWOW64\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\SysWOW64\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
- jaro3
- member of the Security team
Re: PC freezing vs. Avast
Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG or Avast; afterwards delete T-Cleaner and turn AVG or Avast back on.
Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
[2010.05.12 00:00:33 | 000,393,117 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010.04.29 13:01:35 | 000,393,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
[2010.04.22 09:22:13 | 000,392,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
[2010.04.16 15:33:33 | 000,392,016 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
[2010.04.12 08:56:51 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
[2010.04.06 22:26:34 | 000,385,972 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
:Files
C:\Windows\SysNative\drivers\etc\hosts.new
C:\Windows\SysNative\drivers\etc\hosts.20100505-125950.backup
C:\Windows\SysNative\drivers\etc\hosts.20100429-130135.backup
C:\Windows\SysNative\drivers\etc\hosts.20100422-092213.backup
C:\Windows\SysNative\drivers\etc\hosts.20100416-153333.backup
C:\Windows\SysNative\drivers\etc\hosts.20100412-085651.backup
C:\install.exe
:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
********************************************************************************************************************************************
Run F-Secure Online Scanner
This scanner can only be used in the Internet Explorer browser (this is no longer a requirement)! Follow the instructions on the F-Secure page for correct installation. Accept the license. After ActiveX is installed, click Full System Scan. When the download finishes, the scan starts automatically. Wait for the scan to finish; do not perform other operations or click the mouse while it runs. When the scan finishes, click the Automatic clearing (recommended) button. Then click the Show Report button and copy and paste the report here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support