[HJT] log mého PC

CZechBoY · Příspěvekod **CZechBoY** » 24 kvě 2010 10:20

Zdravim,
jaro3 si chtěl log z HJT tak ho dávám sem do správné sekce ;-)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:59, on 24.5.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
D:\Program Files\Skype\Phone\Skype.exe
F:\Programy(x86)\Desktop Sidebar\dsidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
F:\Programy(x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
F:\Programy(x86)\Winamp\winamp.exe
F:\Programy(x86)\QIP Infium\infium.exe
F:\Programy(x86)\uTorrent\utorrent.exe
C:\Users\CZechBoY\Desktop\muj server\SERVER01.exe
F:\Programy(x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - F:\Programy(x86)\Desktop Sidebar\sbhelp.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM\..\Run: [Ashampoo Core Tuner] "C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe"
O4 - HKLM\..\Run: [StartCCC] "F:\Programy(x86)\ATi CCC\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Programy(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "F:\Programy(x86)\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SIDEBAR] "F:\Programy(x86)\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programy(x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Infium] "F:\Programy(x86)\QIP Infium\infium.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - F:\Programy(x86)\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - F:\Programy(x86)\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B80841A-0029-48AD-87BC-AAB888D81B5D}: NameServer = 10.0.0.100,10.0.0.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B80841A-0029-48AD-87BC-AAB888D81B5D}: NameServer = 10.0.0.100,10.0.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B80841A-0029-48AD-87BC-AAB888D81B5D}: NameServer = 10.0.0.100,10.0.0.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Ashampoo CoreTuner Helper Service (acthelper) - Ashampoo Development GmbH & Co. KG - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O CleverCache - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - F:\Programy(x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9130 bytes

Reklama

Příspěvekod **jaro3** » 24 kvě 2010 10:35

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Koukám antivir nemáš...

Malwarebytes' Anti-Malware nic nenašel?

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

CZechBoY · Příspěvekod **CZechBoY** » 24 kvě 2010 14:01

jo MbAM našel nějakej bordel, já myslel že ho mám spuštěnýho, ale je vyplej :-)
jinak jedu bez AV, protože pak ten komp je celej pomalej a takhle to je lepší, já nelezenu na žádný zavirovaný stránky a čas od času sem hodim log :-))

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4137

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.5.2010 14:09:12
mbam-log-2010-05-24 (14-09-12).txt

Typ skenu: Rychlý sken
Skenované objekty: 123468
Uplynulý čas: 2 minuta(y), 53 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{elslya8v-88m1-43n6-x8e0-f006q1k0s15v} (Generic.Bot.H) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\CZechBoY\AppData\Roaming\Microsoft_KB73729795\update_dir72938749.exe (Generic.Bot.H) -> No action taken.

Příspěvekod **jaro3** » 24 kvě 2010 20:10

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Pak můžeš smazat i tu složku:
C:\Users\CZechBoY\AppData\Roaming\Microsoft_KB73729795

Stáhni si OTH
na svojí plochu( pokud používáš Firefox , pravým klikni na OTH link a vyber uložit jako (Save as..).

Stáhni si OTL
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Stáhni si soubor Scan.txt
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Poklepej na soubor OTH na ploše , po spuštění programu klikni na Kill All Processes.Poté klikni na Start OTL .Poklepej Do prázdného okna pod Vlastní skenování /opravy ( Custom Scans box). Objeví se zpráva: Kliknutím na OK vyberete cestu k souboru, kliknutím na Zrušit zrušíte výběr.
Klikni na OK. Objeví se okno průzkumníku , zde klikneš na plochu a najdeš na ní soubor Scan.txt .Klikni na Otevřít.
Poté klikni na Rychle prohledat (Quick Scan). Neměň žádná jiná nastavení . Sken může trvat dlouho.
Kdy sken skončí , objeví se na ploše dva logy:
OTL.Txt a Extras.Txt , jsou uloženy ve stejném místě jako OTL.
Zkopíruj sem prosím celý obsah obou logů.

CZechBoY · Příspěvekod **CZechBoY** » 24 kvě 2010 20:16

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4137

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.5.2010 20:24:52
mbam-log-2010-05-24 (20-24-52).txt

Typ skenu: Rychlý sken
Skenované objekty: 123725
Uplynulý čas: 2 minuta(y), 44 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{elslya8v-88m1-43n6-x8e0-f006q1k0s15v} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\CZechBoY\AppData\Roaming\Microsoft_KB73729795\update_dir72938749.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

takže ty OTL a OTH nebo co to je, u toho jednoho mi to vyhodilo error při skenu, to je zajmavý, u všeho mi to háže chyby

Příspěvekod **jaro3** » 24 kvě 2010 23:34

U toho OTL , klikni pravým a vyber Odstranit potíže s kompatibilitou.

CZechBoY · Příspěvekod **CZechBoY** » 25 kvě 2010 07:47

OTL logfile created on: 25.5.2010 7:51:07 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\CZechBoY\Desktop
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,25 Gb Total Space | 8,85 Gb Free Space | 23,77% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 5,02 Gb Free Space | 25,72% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 32,50 Gb Free Space | 66,57% Space Free | Partition Type: NTFS
Drive F: | 164,51 Gb Total Space | 45,39 Gb Free Space | 27,59% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MNO
Current User Name: CZechBoY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.05.24 20:26:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
PRC - [2010.04.29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- F:\Programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.04.29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- F:\Programy(x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.02.15 14:00:06 | 003,375,960 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ct.exe
PRC - [2010.02.11 14:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- F:\Programy(x86)\TeamViewer\TeamViewer.exe
PRC - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- F:\Programy(x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2010.01.14 00:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- F:\Programy(x86)\Winamp\winamp.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.09.22 17:22:46 | 005,661,184 | ---- | M] (QIP) -- F:\Programy(x86)\QIP Infium\infium.exe
PRC - [2009.07.26 17:45:00 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.01.29 19:37:34 | 001,105,026 | ---- | M] () -- C:\Users\CZechBoY\Desktop\muj server\SERVER01.exe
PRC - [2004.09.04 14:57:44 | 001,126,400 | ---- | M] (Idea2) -- F:\Programy(x86)\Desktop Sidebar\dsidebar.exe

========== Modules (SafeList) ==========

MOD - [2010.05.24 20:26:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
MOD - [2010.02.01 18:22:48 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009.07.14 03:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009.07.14 03:16:14 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SortServer2003Compat.dll
MOD - [2009.07.14 03:16:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shunimpl.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009.07.14 03:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009.07.14 03:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2009.07.14 03:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009.07.14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009.07.14 03:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009.07.14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009.07.14 03:14:52 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcXtrnal.dll
MOD - [2009.07.14 03:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2009.07.14 03:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.03.03 06:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.02.01 18:22:48 | 001,083,144 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009.10.30 23:20:42 | 000,843,592 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\CleverCache\ooccag.exe -- (O&O CleverCache)
SRV:64bit: - [2009.09.12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:64bit: - [2009.07.14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2007.11.07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010.04.29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- F:\Programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.15 14:00:10 | 000,902,488 | ---- | M] (Ashampoo Development GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe -- (acthelper)
SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- F:\Programy(x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) Služba DTC (Distributed Transaction Coordinator)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:27 | 014,745,600 | -HS- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\\System\icm64.dll -- (wmcmgc)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.03.25 19:52:36 | 000,145,936 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.03.03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 05:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.18 21:35:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.07 12:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009.12.28 02:53:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009.07.14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009.07.14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009.07.14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009.07.14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009.07.14 03:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.07.14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009.07.14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009.07.14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009.07.14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009.07.14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) Protokol RMP (Reliable Multicast Protocol)
DRV:64bit: - [2009.07.14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009.07.14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009.07.14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009.07.14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.07.14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009.07.14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009.07.14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009.07.14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009.07.14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009.07.14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009.07.14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009.07.14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009.07.14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009.07.14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009.07.14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.01 00:56:32 | 000,588,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.01.19 02:10:30 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010.05.08 23:09:00 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.05.08 23:08:49 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.02.01 18:43:19 | 000,000,000 | ---D | M] [File_System | Boot | Running] -- C:\Windows\FltMgr -- (FltMgr)
DRV - [2009.12.23 20:03:43 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009.02.17 15:33:14 | 000,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 58 E7 A6 AF 85 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: F:\Programy(x86)\Mozilla Firefox\components [2010.04.03 21:51:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: F:\Programy(x86)\Mozilla Firefox\plugins [2010.04.18 21:16:21 | 000,000,000 | ---D | M]

[2010.04.18 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Extensions
[2010.05.24 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\d7h0cvez.default\extensions
[2010.04.18 18:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\d7h0cvez.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.05.21 09:53:28 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\d7h0cvez.default\extensions\firebug@software.joehewitt.com

O1 HOSTS File: ([2010.02.05 15:05:31 | 000,000,019 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - F:\Programy(x86)\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Pomocník pro přihlášení ke službě Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Ashampoo Core Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe (Ashampoo Development GmbH & Co. KG)
O4:64bit: - HKLM..\Run: [OOCCCTRL.EXE] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [Ashampoo Core Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Programy(x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] F:\Programy(x86)\ATi CCC\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] F:\Programy(x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Infium] F:\Programy(x86)\QIP Infium\infium.exe (QIP)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SIDEBAR] F:\Programy(x86)\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - HKCU..\Run: [uTorrent] F:\Programy(x86)\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-2B02V.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] F:\Programy(x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 1
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - F:\Programy(x86)\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - F:\Programy(x86)\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - F:\Programy(x86)\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - F:\Programy(x86)\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programy(x86)\Microsoft Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 2363194444 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010.04.18 20:40:41 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:45 | 000,000,000 | -H-D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:48 | 000,000,000 | -H-D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:52 | 000,000,000 | -H-D | M] - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: wmcmgc - C:\Program Files (x86)\Common Files\\System\icm64.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.05.24 20:26:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
[2010.05.24 20:26:34 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTH.scr
[2010.05.24 20:18:42 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\Audacity
[2010.05.24 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\Jcx.Software
[2010.05.24 14:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.05.24 14:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Jcx.Software
[2010.05.24 08:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.05.24 08:33:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.13 18:39:47 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\Desktop\WebKit
[2010.05.13 17:30:12 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\Library
[2010.05.13 17:10:33 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\Apple Computer
[2010.05.13 17:10:33 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\Apple Computer
[2010.05.05 18:06:27 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\Windows\SysWow64\B4FM.dll
[2010.04.20 20:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010.04.20 07:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.04.19 14:00:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.04.18 20:40:41 | 000,000,000 | -H-D | C] -- C:\Autorun.inf
[2010.04.18 20:07:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.18 20:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.04.18 20:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.04.18 20:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.04.18 20:04:20 | 000,420,864 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010.04.18 20:04:20 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010.04.18 20:04:20 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010.04.18 20:04:20 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010.04.18 20:04:20 | 000,116,736 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010.04.18 20:04:20 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010.04.18 20:04:19 | 000,450,560 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010.04.18 20:04:19 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010.04.18 20:04:19 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010.04.18 20:04:19 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010.04.18 20:04:19 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010.04.18 20:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.04.18 15:17:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2010.04.07 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\NFS Underground 2
[2010.04.07 13:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\3DO Shared
[2010.04.07 13:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3DO
[2010.04.07 11:50:44 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Roaming\skypePM
[2010.04.07 11:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.07 11:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.07 11:49:35 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.03.12 00:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2010.03.09 22:54:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.03.09 21:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.03.08 08:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.03.02 21:24:56 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\AppData\Local\Apps
[2010.02.24 22:17:07 | 000,000,000 | ---D | C] -- C:\Users\CZechBoY\Desktop\Captcha
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.05.25 07:52:22 | 004,718,592 | -HS- | M] () -- C:\Users\CZechBoY\NTUSER.DAT
[2010.05.25 07:43:51 | 000,005,259 | ---- | M] () -- C:\Windows\WINCMD.INI
[2010.05.24 20:42:33 | 000,017,615 | ---- | M] () -- C:\Users\CZechBoY\Desktop\otl-error.png
[2010.05.24 20:26:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTL.exe
[2010.05.24 20:26:34 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\CZechBoY\Desktop\OTH.scr
[2010.05.24 14:04:31 | 000,711,168 | ---- | M] () -- C:\Windows\is-2B02V.exe
[2010.05.24 14:04:31 | 000,012,364 | ---- | M] () -- C:\Windows\is-2B02V.msg
[2010.05.24 14:04:31 | 000,000,361 | ---- | M] () -- C:\Windows\is-2B02V.lst
[2010.05.24 09:01:16 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer.job
[2010.05.24 08:32:39 | 000,824,681 | ---- | M] () -- C:\Users\CZechBoY\Desktop\RSIT.exe
[2010.05.24 08:28:45 | 000,525,824 | ---- | M] () -- C:\Users\CZechBoY\Desktop\dds.scr
[2010.05.20 17:16:54 | 000,108,458 | ---- | M] () -- C:\Users\CZechBoY\.recently-used.xbel
[2010.05.14 16:41:21 | 035,538,825 | ---- | M] () -- C:\Users\CZechBoY\Desktop\WebKit_kompr.rar
[2010.05.13 19:22:00 | 035,922,564 | ---- | M] () -- C:\Users\CZechBoY\Desktop\WebKit na 4.01.rar
[2010.05.13 19:03:18 | 000,024,576 | ---- | M] () -- C:\Users\CZechBoY\Desktop\brb.doc
[2010.05.13 15:53:36 | 000,000,372 | ---- | M] () -- C:\Users\CZechBoY\Desktop\hesla k Chmatjabko.rar
[2010.05.09 18:56:07 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 18:56:07 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 18:54:53 | 001,551,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.09 18:54:53 | 000,660,724 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.05.09 18:54:53 | 000,637,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.09 18:54:53 | 000,136,592 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.05.09 18:54:53 | 000,118,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.09 18:50:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.05.09 18:50:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.09 18:50:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.09 18:50:34 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.09 18:50:33 | 000,059,371 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.05.08 23:09:00 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010.05.08 23:09:00 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010.05.07 17:34:52 | 001,529,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.05 16:39:36 | 000,673,280 | ---- | M] () -- C:\Windows\is-LPBG0.exe
[2010.05.05 16:39:36 | 000,012,255 | ---- | M] () -- C:\Windows\is-LPBG0.msg
[2010.05.05 16:39:36 | 000,000,166 | ---- | M] () -- C:\Windows\is-LPBG0.lst
[2010.05.03 16:44:52 | 000,035,376 | ---- | M] () -- C:\Users\CZechBoY\AppData\Roaming\SQLite3.dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.19 14:50:51 | 000,006,656 | ---- | M] () -- C:\Windows\SysWow64\lpcio.dll
[2010.04.18 19:23:08 | 000,014,844 | ---- | M] () -- C:\Windows\crpf_sdum.bin
[2010.04.18 19:23:08 | 000,013,116 | ---- | M] () -- C:\Windows\crpf.bin
[2010.04.18 18:56:33 | 000,044,517 | ---- | M] () -- C:\Users\CZechBoY\Documents\pinfect.zip
[2010.04.18 18:50:32 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010.04.18 18:42:49 | 000,673,280 | ---- | M] () -- C:\Windows\is-4IFKK.exe
[2010.04.18 18:42:49 | 000,012,255 | ---- | M] () -- C:\Windows\is-4IFKK.msg
[2010.04.18 18:42:49 | 000,000,166 | ---- | M] () -- C:\Windows\is-4IFKK.lst
[2010.04.15 16:23:14 | 000,000,002 | ---- | M] () -- C:\vzhledy.ini
[2010.04.10 21:42:24 | 000,001,189 | ---- | M] () -- C:\Users\CZechBoY\AppData\Roaming\vso_ts_preview.xml
[2010.04.08 19:01:44 | 001,376,145 | ---- | M] () -- C:\Users\CZechBoY\Desktop\ikony_Win7.png
[2010.04.07 11:50:44 | 000,000,048 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.26 14:38:58 | 004,169,301 | ---- | M] () -- C:\Users\CZechBoY\Documents\FileZilla_3.3.2.1_win32-setup.exe
[2010.03.03 06:16:42 | 000,033,616 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010.03.03 06:12:52 | 000,450,560 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010.03.03 06:12:12 | 000,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010.03.03 06:10:34 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010.03.03 06:10:12 | 000,420,864 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010.03.03 06:10:04 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010.03.03 06:09:48 | 000,274,432 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010.03.03 06:09:40 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010.03.03 06:09:34 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010.03.03 06:09:28 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010.03.03 05:29:44 | 000,511,072 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010.03.03 05:24:00 | 000,511,072 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010.03.03 05:23:52 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010.03.02 22:57:10 | 000,020,692 | ---- | M] () -- C:\Windows\atiogl.xml
[2010.02.27 03:00:34 | 000,029,203 | ---- | M] () -- C:\Users\CZechBoY\Desktop\def.png
[2010.02.25 21:55:46 | 000,201,875 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.02.25 21:36:42 | 000,000,317 | ---- | M] () -- C:\Windows\WpePro_0delay.INI
[2010.02.24 17:56:19 | 000,030,087 | ---- | M] () -- C:\Users\CZechBoY\Desktop\dj-kartin.cekuj.net-náhled.JPG
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.24 20:42:33 | 000,017,615 | ---- | C] () -- C:\Users\CZechBoY\Desktop\otl-error.png
[2010.05.24 14:04:31 | 000,711,168 | ---- | C] () -- C:\Windows\is-2B02V.exe
[2010.05.24 14:04:31 | 000,012,364 | ---- | C] () -- C:\Windows\is-2B02V.msg
[2010.05.24 14:04:31 | 000,000,361 | ---- | C] () -- C:\Windows\is-2B02V.lst
[2010.05.24 08:32:39 | 000,824,681 | ---- | C] () -- C:\Users\CZechBoY\Desktop\RSIT.exe
[2010.05.24 08:28:45 | 000,525,824 | ---- | C] () -- C:\Users\CZechBoY\Desktop\dds.scr
[2010.05.20 17:16:54 | 000,108,458 | ---- | C] () -- C:\Users\CZechBoY\.recently-used.xbel
[2010.05.14 16:40:20 | 035,538,825 | ---- | C] () -- C:\Users\CZechBoY\Desktop\WebKit_kompr.rar
[2010.05.13 19:21:20 | 035,922,564 | ---- | C] () -- C:\Users\CZechBoY\Desktop\WebKit na 4.01.rar
[2010.05.13 19:01:16 | 000,024,576 | ---- | C] () -- C:\Users\CZechBoY\Desktop\brb.doc
[2010.05.13 15:53:36 | 000,000,372 | ---- | C] () -- C:\Users\CZechBoY\Desktop\hesla k Chmatjabko.rar
[2010.05.05 16:39:36 | 000,673,280 | ---- | C] () -- C:\Windows\is-LPBG0.exe
[2010.05.05 16:39:36 | 000,012,255 | ---- | C] () -- C:\Windows\is-LPBG0.msg
[2010.05.05 16:39:36 | 000,000,166 | ---- | C] () -- C:\Windows\is-LPBG0.lst
[2010.05.03 16:44:52 | 000,035,376 | ---- | C] () -- C:\Users\CZechBoY\AppData\Roaming\SQLite3.dll
[2010.04.18 20:04:20 | 000,511,072 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010.04.18 20:04:20 | 000,511,072 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010.04.18 20:04:20 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.18 20:04:20 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010.04.18 20:04:19 | 000,201,875 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.04.18 20:04:19 | 000,033,616 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010.04.18 20:04:19 | 000,020,692 | ---- | C] () -- C:\Windows\atiogl.xml
[2010.04.18 19:23:07 | 000,014,844 | ---- | C] () -- C:\Windows\crpf_sdum.bin
[2010.04.18 19:23:07 | 000,013,116 | ---- | C] () -- C:\Windows\crpf.bin
[2010.04.18 18:43:02 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\GlaryOneClickOptimizer.job
[2010.04.18 18:42:49 | 000,673,280 | ---- | C] () -- C:\Windows\is-4IFKK.exe
[2010.04.18 18:42:49 | 000,012,255 | ---- | C] () -- C:\Windows\is-4IFKK.msg
[2010.04.18 18:42:49 | 000,000,166 | ---- | C] () -- C:\Windows\is-4IFKK.lst
[2010.04.15 16:22:41 | 000,000,002 | ---- | C] () -- C:\vzhledy.ini
[2010.04.08 19:01:41 | 001,376,145 | ---- | C] () -- C:\Users\CZechBoY\Desktop\ikony_Win7.png
[2010.04.07 11:50:44 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.26 14:38:54 | 004,169,301 | ---- | C] () -- C:\Users\CZechBoY\Documents\FileZilla_3.3.2.1_win32-setup.exe
[2010.02.27 03:00:34 | 000,029,203 | ---- | C] () -- C:\Users\CZechBoY\Desktop\def.png
[2010.02.24 17:56:18 | 000,030,087 | ---- | C] () -- C:\Users\CZechBoY\Desktop\dj-kartin.cekuj.net-náhled.JPG
[2010.01.14 16:07:50 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.14 10:58:29 | 000,000,317 | ---- | C] () -- C:\Windows\WpePro_0delay.INI
[2010.01.07 20:31:57 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.29 02:25:58 | 001,529,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.27 19:59:47 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2009.12.24 01:56:16 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009.12.23 20:37:01 | 000,005,259 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.12.23 20:18:01 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009.12.23 20:10:50 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:16:42 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\lpcio.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010.05.25 07:48:44 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Audacity
[2010.01.07 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Canneverbe_Limited
[2010.02.03 14:32:11 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\CheckPoint
[2010.02.27 01:43:12 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\DAEMON Tools Lite
[2010.05.05 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Desktop Sidebar
[2010.05.24 21:41:10 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\FileZilla
[2010.04.18 18:50:56 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\GlarySoft
[2010.05.20 17:16:44 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\gtk-2.0
[2010.05.24 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Jcx.Software
[2010.02.19 00:40:27 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\NCH Swift Sound
[2009.12.23 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Opera
[2010.02.05 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Prevx
[2010.02.01 17:25:34 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\SoftPerfect Personal Firewall
[2010.05.05 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\TeamViewer
[2010.03.08 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Ubisoft
[2010.05.05 21:23:13 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\uTorrent
[2010.04.10 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\CZechBoY\AppData\Roaming\Vso
[2010.05.09 18:50:39 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.05.24 09:01:16 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\GlaryOneClickOptimizer.job
[2009.07.14 07:08:49 | 000,013,222 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009.12.24 03:50:03 | 000,000,003 | ---- | M] () -- C:\7Loader.TAG
[2009.12.23 20:14:14 | 000,000,087 | ---- | M] () -- C:\csb.log
[2010.05.09 18:50:34 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.12 20:34:37 | 000,000,851 | ---- | M] () -- C:\muj server.lnk
[2010.05.09 18:50:33 | 312,991,743 | -HS- | M] () -- C:\pagefile.sys
[2009.12.23 20:13:08 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2010.04.15 16:23:14 | 000,000,002 | ---- | M] () -- C:\vzhledy.ini

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:E9D197480E139C42
< End of report >

pak ten log vyhodim po tvé odpovědi, jestli nevadí...(myslím tady že ho smažu)

Příspěvekod **jaro3** » 25 kvě 2010 09:08

Máš tam COMODO firewall? Funkční?

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV:64bit: - [2010.01.07 12:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.startup.homepage: "about:blank"
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 2363194444 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2010.04.18 20:40:41 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:45 | 000,000,000 | -H-D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:48 | 000,000,000 | -H-D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:52 | 000,000,000 | -H-D | M] - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
O34 - HKLM BootExecute: (OODBS) - File not found
@Alternate Data Stream - 24 bytes -> C:\Windows:E9D197480E139C42

:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
c:\windows\Tasks\*.job /s
C:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
C:\Windows\tasks\SA.DAT
C:\Windows\SysWow64\ezsidmv.dat
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Windows\is-2B02V.exe
C:\Windows\crpf_sdum.bin
C:\Windows\SysWow64\lpcio.dll
C:\Windows\crpf.bin
C:\Windows\is-4IFKK.exe
C:\Windows\is-LPBG0.exe

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

CZechBoY · Příspěvekod **CZechBoY** » 25 kvě 2010 09:34

to COmodo myslim nějak zlobili, nemohl jsem se vůbec hnout s myší atd. všechny FW tohle dělali tak jsem zůstal u defaultního od MS

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service pctNDIS stopped successfully!
Service pctNDIS deleted successfully!
C:\Windows\SysNative\drivers\pctNdis64.sys moved successfully.
Error: Unable to stop service pavboot!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
C:\Windows\SysNative\drivers\pavboot64.sys moved successfully.
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "about:blank" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\Windows\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ deleted successfully.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ deleted successfully.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ deleted successfully.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D9F03FA-7A94-11D3-BE81-0050048385D1}\ deleted successfully.
File {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505114-5902-49B2-880A-1F7738E5A384}\ deleted successfully.
File {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File not found.
File not found.
File not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a29aa2f-efed-11de-8991-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a29aa2f-efed-11de-8991-806e6f6e6963}\ not found.
File G:\RunGame.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:OODBS deleted successfully.
ADS C:\Windows:E9D197480E139C42 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltEA83.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\GlaryInitialize.job moved successfully.
c:\windows\Tasks\GlaryOneClickOptimizer.job moved successfully.
Folder move failed. C:\Autorun.inf scheduled to be moved on reboot.
Folder move failed. D:\Autorun.inf scheduled to be moved on reboot.
Folder move failed. E:\Autorun.inf scheduled to be moved on reboot.
Folder move failed. F:\Autorun.inf scheduled to be moved on reboot.
C:\Windows\tasks\SA.DAT moved successfully.
C:\Windows\SysWow64\ezsidmv.dat moved successfully.
C:\Windows\bdoscandellang.ini moved successfully.
C:\Windows\bdoscandel.exe moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CZechBoY
->Temp folder emptied: 15918042 bytes
->Temporary Internet Files folder emptied: 5657946 bytes
->Java cache emptied: 14573903 bytes
->FireFox cache emptied: 32683070 bytes
->Flash cache emptied: 1051 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 38112 bytes

Total Files Cleaned = 66,00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05252010_094606

Files\Folders moved on Reboot...
C:\Autorun.inf folder moved successfully.
D:\Autorun.inf folder moved successfully.
E:\Autorun.inf folder moved successfully.
F:\Autorun.inf folder moved successfully.

Registry entries deleted on Reboot...

virusTotal
C:\Windows\is-2B02V.exe =nenalezen
C:\Windows\crpf_sdum.bin = čistý
C:\Windows\SysWow64\lpcio.dll = Antiy-AVL;2.0.3.7;2010.05.24;Trojan/Win32.Vapsup.gen;nProtect;2010-05-24.01;2010.05.24;Trojan/W32.Vapsup.6656
C:\Windows\crpf.bin = čistý
C:\Windows\is-4IFKK.exe = čistý
C:\Windows\is-LPBG0.exe = čistý

Příspěvekod **jaro3** » 25 kvě 2010 15:14

Takže měls tam zbytky Panda , BitDefender, odmažeme ještě COMODO a další..

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV:64bit: - [2010.01.07 12:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.startup.homepage: "about:blank"
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\CZechBoY\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 2363194444 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2010.04.18 20:40:41 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:45 | 000,000,000 | -H-D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:48 | 000,000,000 | -H-D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.18 20:40:52 | 000,000,000 | -H-D | M] - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a29aa2f-efed-11de-8991-806e6f6e6963}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
O34 - HKLM BootExecute: (OODBS) - File not found
@Alternate Data Stream - 24 bytes -> C:\Windows:E9D197480E139C42

:Files
C:\Windows\tasks\SA.DAT
C:\Windows\SysWow64\ezsidmv.dat
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\SysWow64\lpcio.dll
C:\Windows\is-2B02V.exe
C:\Windows\is-2B02V.msg
C:\Windows\is-2B02V.lst
C:\Windows\system32\guard64.dll
C:\Windows\SysNative\guard64.dll
C:\Windows\SysWOW64\guard32.dll
C:\Users\CZechBoY\AppData\Roaming\SoftPerfect Personal Firewall

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Windows\is-4IFKK.exe
Pokud už byl soubor testován-klikni na otestovat znovu.

Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.

CZechBoY · Příspěvekod **CZechBoY** » 25 kvě 2010 16:08

hele ale ten soubor už jsem testoval přece, on se změní tim skenem nějak?

Příspěvekod **jaro3** » 25 kvě 2010 16:58

Ne , to je moje chyba , nevšiml jsem si , že už si to dával na VT.

Proveď ten script.

[HJT] log mého PC Vyřešeno

[HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Re: [HJT] log mého PC

Kdo je online