XP internet security- hází varovné hlášky- prosím o kontrolu

Zpráva

Ecinazuz · #16 Příspěvek od **Ecinazuz** » 24 dub 2010 18:49

stále to jede...a log nikde....dáme mu šanci do 20.00 ?

Ecinazuz · #17 Příspěvek od **Ecinazuz** » 24 dub 2010 19:02

OK- dala jsem mu minutu navíc- a nic...zavřela jsem okno....co dál? /a provedla restart...nějak ztuhnul/

no- a je po ptákách.....při restartu naskočilo černé okno...s nápiem: systém nelze spustit, uvedený soubor je poškozen nebo nebyl nalezen:
windows\system32\config\system

tento systém můřete zkusit opravit spuštěním instalace systému windows pomocí orig. disku cd rom........opravu spustíte pomocí klácesy R na první obrazovce.....

CD sice mám, ale nevím co bude následovat......

Ecinazuz · #18 Příspěvek od **Ecinazuz** » 24 dub 2010 19:14

no- a je po ptákách.....při restartu naskočilo černé okno...s nápiem: systém nelze spustit, uvedený soubor je poškozen nebo nebyl nalezen:
windows\system32\config\system

tento systém můřete zkusit opravit spuštěním instalace systému windows pomocí orig. disku cd rom........opravu spustíte pomocí klácesy R na první obrazovce.....

CD sice mám, ale nevím co bude následovat......

Ecinazuz · #19 Příspěvek od **Ecinazuz** » 24 dub 2010 19:17

ok- počkám/jsem na noťasu:D /...jestli tohle zvládnem/tedy hlavně já

/....

Ecinazuz · #20 Příspěvek od **Ecinazuz** » 24 dub 2010 19:18

já nevím jestli je tam ta konzole pro zotavení.....mám před sebou stále tu černou obrazovku s infromací výše ;.).... OK pojedu podle varianty B

Ecinazuz · #21 Příspěvek od **Ecinazuz** » 24 dub 2010 19:50

no tak s tím asi nehnu-

....nejde mi to- už jsem se dostala i k instalaci, ale vždycky se mi to vrátí nějak zpět, že nelze spustit

.)...tak půjde asi PC do nemocnice....ještě zkusím syna, který se právě vrátil, aby to zkusil on....za chvíli na to koukne....
snažila jsem se postupovat podle návodu...ale nějak nevím kam napsat ten příkaz.....uffff/do prdele!/

ještě se ozvu- jak to vypadá

Ecinazuz · #22 Příspěvek od **Ecinazuz** » 24 dub 2010 19:58

ty jo!!!! mladej to spustil podle toho tvýho návodu- super!!!!!! já jsem lama

...

tak co dál ????

Ecinazuz · #23 Příspěvek od **Ecinazuz** » 24 dub 2010 20:04

OK- udělám. Díky za ten obrázek

...tam byla ta moje chyba.....
snad nevadí, že mi mladej aktivně hned spustil malwarebytes anti-malware- tak až to doskenuje- hodím sem taky výsledek a pak udělám to OTL.
ufff

Ecinazuz · #24 Příspěvek od **Ecinazuz** » 24 dub 2010 20:30

sken:
MŮŽU ODSTRANIT VŠE????

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3873
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.4.2010 21:28:36
mbam-log-2010-04-24 (21-28-30).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 192566
Uplynulý čas: 26 minute(s), 55 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Admin\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

Ecinazuz · #25 Příspěvek od **Ecinazuz** » 24 dub 2010 20:34

ok- smazáno-chtělo to restart... jdu na OTL

Ecinazuz · #26 Příspěvek od **Ecinazuz** » 24 dub 2010 20:45

sken OTL hotov- pochopila jsem správně , žemám ho ještě dát do toho gmeru? který otl- nebo extras?

OTL logfile created on: 24.4.2010 21:37:25 - Run 4
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155,24 Gb Total Space | 140,96 Gb Free Space | 90,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 77,64 Gb Total Space | 37,64 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D958691FD9
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.24 18:16:08 | 000,224,768 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe
PRC - [2010.04.24 15:46:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
PRC - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.12.21 08:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007.12.21 08:21:06 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2007.05.11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2007.03.30 13:05:32 | 001,024,512 | ---- | M] () -- C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
PRC - [2007.03.06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003.03.14 04:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe

========== Modules (SafeList) ==========

MOD - [2010.04.24 15:46:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.10.28 21:33:13 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.10 12:35:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.12.21 08:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007.12.21 08:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

========== Driver Services (SafeList) ==========

DRV - [2009.09.09 12:28:18 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.21 08:21:54 | 000,053,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2007.12.21 08:21:52 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2007.12.21 08:21:46 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2007.12.21 08:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007.12.21 08:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.07.18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.11 00:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.11.27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.11.27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.10.15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003.10.24 06:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 01:01:37 | 000,000,000 | ---D | M]

[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Extensions
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\extensions
[2009.12.18 07:51:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icq-search.xml
[2010.02.19 23:05:21 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-1.xml
[2010.03.11 22:01:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-2.xml
[2010.03.23 10:04:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-3.xml
[2010.04.14 01:01:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-4.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.src
[2010.01.08 19:55:19 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.xml
[2010.04.21 19:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.10 19:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.11 22:01:11 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.11 22:01:11 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.11 22:01:11 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.11 22:01:11 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.11 22:01:11 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.24 18:56:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-583907252-162531612-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk = C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.09 11:59:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* ()
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* ()
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* ()
O37 - HKU\S-1-5-21-583907252-162531612-682003330-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.09.09 13:42:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 7 Days ==========

[2010.04.24 20:02:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.24 18:55:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.24 18:51:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.04.24 18:11:11 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.scr
[2010.04.24 16:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\avG
[2010.04.24 16:20:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.24 16:20:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.24 16:20:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.24 16:20:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.24 16:19:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.24 16:03:52 | 000,910,296 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 15:45:55 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.24 13:35:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\avG
[2010.04.19 18:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Plocha\plány MŠ

========== Files - Modified Within 7 Days ==========

[2010.04.24 21:35:00 | 000,013,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 21:35:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2010.04.24 21:34:46 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk
[2010.04.24 21:34:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.24 21:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.24 21:34:39 | 000,611,557 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.04.24 21:34:04 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010.04.24 18:56:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.24 18:56:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 18:16:30 | 000,013,182 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 18:16:19 | 000,224,768 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\ave.exe
[2010.04.24 18:11:38 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.scr
[2010.04.24 16:32:39 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Word 2003.lnk
[2010.04.24 16:17:49 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 16:07:10 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Excel 2003.lnk
[2010.04.24 16:03:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 15:46:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.24 15:15:44 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.24 14:47:19 | 000,224,768 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSASCui.exe
[2010.04.24 14:47:19 | 000,224,768 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\av.exe
[2010.04.24 14:34:00 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\RSIT.exe
[2010.04.24 13:35:27 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.23 20:09:20 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:25 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 17:19:26 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Mustr priprava - Kopie.doc
[2010.04.21 16:39:19 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:23 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2010.04.19 07:20:25 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Admin\intlname.ols

========== Files Created - No Company Name ==========

[2010.04.24 16:32:40 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 16:32:39 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 16:32:39 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 16:22:33 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 16:20:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.24 16:20:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.24 16:20:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.24 16:20:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.24 16:20:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.24 16:17:27 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 15:00:30 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 15:00:29 | 000,224,768 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe
[2010.04.24 14:47:19 | 000,224,768 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSASCui.exe
[2010.04.24 14:47:19 | 000,224,768 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\ave.exe
[2010.04.24 14:47:19 | 000,224,768 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\av.exe
[2010.04.24 14:47:19 | 000,013,182 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 14:33:57 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\RSIT.exe
[2010.04.24 13:35:17 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.24 13:26:02 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:25:45 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\kcmdte.dat
[2010.04.23 20:09:20 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:23 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 16:39:18 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:22 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2009.11.20 17:40:06 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.11 15:41:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.12 21:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.09.10 16:54:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.09.10 16:54:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.09.10 16:53:08 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009.09.10 16:53:08 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009.09.09 15:44:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.05.11 00:03:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.05.11 00:03:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.05.11 00:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.05.11 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.05.11 00:03:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.02.26 23:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007.02.26 23:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007.02.26 23:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007.02.26 23:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007.02.26 23:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007.02.26 23:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007.02.26 23:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007.02.26 23:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007.02.26 23:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007.02.26 23:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007.02.26 23:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007.02.12 21:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.02.12 21:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007.02.12 21:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.02.12 21:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.02.12 21:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007.02.12 21:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007.02.12 21:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007.02.12 21:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007.02.12 21:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.02.12 21:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007.02.12 21:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007.02.12 21:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007.02.12 21:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007.02.12 21:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007.02.12 21:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007.02.12 21:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007.02.12 21:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007.02.12 21:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.02.12 21:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.01.30 07:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.01 16:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 16:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.07.07 17:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2006.03.21 21:13:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.18 00:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2010.04.24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.21 12:19:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.03.30 19:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
[2009.11.21 12:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJMyPrinter
[2010.04.20 19:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.12.13 16:59:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
[2009.11.21 12:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenu
[2009.10.16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.09.10 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.09.30 22:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PCSettings
[2009.10.28 21:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.28 21:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.04.24 21:35:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.03.09 10:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.11 12:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Adobe
[2009.09.09 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Ahead
[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.09.10 16:56:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Admin\Data aplikací\Brother
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.11.11 15:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\DivX
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.09.09 12:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Identities
[2009.09.09 12:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\InstallShield
[2009.09.10 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Macromedia
[2009.10.14 13:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
[2010.02.13 09:06:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Data aplikací\Microsoft
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla
[2010.04.24 21:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Skype
[2010.04.24 18:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\skypePM
[2009.09.10 12:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Symantec
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2009.10.05 22:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_0F4BC114588B95640F7F3B.exe
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_3822ED5C6A689F7E906806.exe
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_6FEFF9B68218417F98F549.exe
[2009.09.09 15:52:15 | 000,062,526 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_A2BDAD1987E4FB1071BD84.exe
[2009.09.09 15:52:15 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_B3AF483CD1C894FD13F9F6.exe
[2010.02.18 17:19:08 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\ARPPRODUCTICON.exe
[2010.02.18 17:19:08 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
[2010.02.18 17:19:09 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\UNINST_Uninstall_VGA_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:08 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe1_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:09 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:08 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe_D27BDB5D3B4C44F0A648BD00B0E79B39.exe

< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.09.09 13:46:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.09.09 13:46:38 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.09 13:46:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.04.24 21:34:39 | 000,611,557 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
< End of report >
***************************************************
*****************************************************

Ecinazuz · #27 Příspěvek od **Ecinazuz** » 24 dub 2010 20:46

extras

OTL Extras logfile created on: 24.4.2010 21:37:25 - Run 4
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155,24 Gb Total Space | 140,96 Gb Free Space | 90,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 77,64 Gb Total Space | 37,64 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D958691FD9
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe ()

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe ()

[HKEY_USERS\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}" = HDDlife
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.72
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Premium
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A1350B64-1AF8-497B-AC07-307DF67FB8D4}" = ESET Smart Security
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}" = VGA Utility
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4977c84bcdc298c444ccfbdcccb660d" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 6.0.9
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Foxit PDF Editor" = Foxit PDF Editor
"HD Tune_is1" = HD Tune 2.50
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MV2Player" = MV2Player (remove only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Drivers" = NVIDIA Drivers
"Registrace uživatele zařízení Canon MP630 series" = Registrace uživatele zařízení Canon MP630 series
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.4.2010 19:46:32 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 23.4.2010 0:46:11 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 23.4.2010 10:32:55 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 23.4.2010 23:32:33 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 24.4.2010 1:42:43 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 24.4.2010 8:47:25 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 24.4.2010 8:48:40 | Computer Name = HOME-D958691FD9 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.4.2010 10:21:59 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 24.4.2010 14:56:19 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 24.4.2010 15:34:50 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

[ System Events ]
Error - 24.4.2010 12:59:10 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba Správce vzdáleného přístupu neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 24.4.2010 12:59:10 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby ShellHWDetection.

Error - 24.4.2010 12:59:10 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.4.2010 12:59:18 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 24.4.2010 14:56:18 | Computer Name = HOME-D958691FD9 | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 24.4.2010 14:56:31 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.4.2010 14:56:31 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.4.2010 15:34:55 | Computer Name = HOME-D958691FD9 | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.

Error - 24.4.2010 15:34:59 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.4.2010 15:34:59 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

[ TuneUp Events ]
Error - 14.1.2010 17:38:31 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 22:38:31', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','424',0)

Error - 14.1.2010 17:38:36 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 22:38:36', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2972',0)

Error - 14.1.2010 17:38:51 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 22:38:51', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2148',0)

Error - 14.1.2010 17:39:21 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 22:39:21', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2128',0)

Error - 31.1.2010 12:07:45 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-31 17:07:45', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2280',0)

Error - 8.2.2010 14:29:43 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-08 19:29:43', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2140',0)

Error - 8.2.2010 14:29:48 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-08 19:29:48', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1496',0)

Error - 8.2.2010 14:30:13 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-08 19:30:13', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1140',0)

Error - 16.3.2010 9:16:12 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-16 14:16:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2920',0)

Error - 29.3.2010 15:50:35 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-29 21:50:35', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2408',0)

< End of report >

Ecinazuz · #28 Příspěvek od **Ecinazuz** » 24 dub 2010 20:55

test z virus total /ještě že je mladej doma a radí

/

Soubor cdrom.sys přijatý 2010.04.24 19:50:56 (UTC)
Současný stav: Dokončeno
Výsledek: 0/40 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.24 -
AhnLab-V3 5.0.0.2 2010.04.24 -
AntiVir 8.2.1.224 2010.04.23 -
Antiy-AVL 2.0.3.7 2010.04.23 -
Authentium 5.2.0.5 2010.04.24 -
Avast 4.8.1351.0 2010.04.24 -
Avast5 5.0.332.0 2010.04.24 -
AVG 9.0.0.787 2010.04.24 -
BitDefender 7.2 2010.04.24 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.24 -
Comodo 4676 2010.04.24 -
DrWeb 5.0.2.03300 2010.04.24 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7448 2010.04.24 -
F-Prot 4.5.1.85 2010.04.24 -
F-Secure 9.0.15370.0 2010.04.24 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.24 -
Ikarus T3.1.1.80.0 2010.04.24 -
Jiangmin 13.0.900 2010.04.24 -
Kaspersky 7.0.0.125 2010.04.24 -
McAfee 5.400.0.1158 2010.04.24 -
McAfee-GW-Edition 6.8.5 2010.04.23 -
Microsoft 1.5703 2010.04.24 -
NOD32 5057 2010.04.24 -
Norman 6.04.11 2010.04.24 -
nProtect 2010-04-24.01 2010.04.24 -
Panda 10.0.2.7 2010.04.24 -
PCTools 7.0.3.5 2010.04.24 -
Prevx 3.0 2010.04.24 -
Rising 22.44.05.04 2010.04.24 -
Sophos 4.53.0 2010.04.24 -
Sunbelt 6217 2010.04.24 -
Symantec 20091.2.0.41 2010.04.24 -
TheHacker 6.5.2.0.268 2010.04.23 -
TrendMicro 9.120.0.1004 2010.04.24 -
VBA32 3.12.12.4 2010.04.23 -
ViRobot 2010.4.24.2293 2010.04.24 -
VirusBuster 5.0.27.0 2010.04.24 -
Rozšiřující informace
File size: 62976 bytes
MD5 : 1f4260cc5b42272d71f79e570a27a4fe
SHA1 : a80d103eecfe831b93c01f092abcddae90bccd6f
SHA256: b51c2a3ed3c309953d0ea45869c8e464c10f2533dade9e0286af674979098d1d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xD7F2
timedatestamp.....: 0x480253AD (Sun Apr 13 20:40:45 2008)
machinetype.......: 0x14C (Intel I386)

( 11 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0xB336 0xB380 6.47 5a32f306185e1a4ad2cd99f78fd68f95
.rdata 0xB700 0x7CA 0x800 4.59 b065c91fa7f5b699dfa951ee12c50867
.data 0xBF00 0x50 0x80 2.98 3af530f8b58513e653816241f3fd659b
PAGE 0xBF80 0x101B 0x1080 6.05 3a567203d8c32be151bb69e1e2d2b354
PAGEHIT2 0xD000 0x65 0x80 4.39 52e50ac51e6ac2a003e6f84d722e794d
PAGEHITA 0xD080 0x196 0x200 5.48 9e26e56d44e1e2d1516ae69518e050c9
PAGETOSH 0xD280 0x218 0x280 5.60 15796fdd18f07fbca32fce140b5edff7
PAGE 0xD500 0x110 0x180 1.81 b9ffcbab85ed2ab7cfe06001fcc62b34
INIT 0xD680 0xCDE 0xD00 5.64 281ca5d003b86f3af422b4ab89db87e2
.rsrc 0xE380 0x3D8 0x400 3.32 7e2d33ab3e6191db9c89c25eb49d0126
.reloc 0xE780 0xE40 0xE80 6.59 52696ee940c55b8f96b1d57bd654d493

( 3 imports )

> classpnp.sys: ClassGetVpb, ClassDisableMediaChangeDetection, ClassFindModePage, ClassSpinDownPowerHandler, ClassInitialize, ClassDeleteSrbLookasideList, ClassGetDriverExtension, ClassInitializeSrbLookasideList, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassInitializeMediaChangeDetection, ClassGetDeviceParameter, ClassSetDeviceParameter, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassReleaseQueue, ClassBuildRequest, ClassSplitRequest, ClassClaimDevice, ClassCreateDeviceObject, ClassUpdateInformationInRegistry, ClassInterpretSenseInfo, ClassEnableMediaChangeDetection, ClassIoComplete, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendDeviceIoControlSynchronous, ClassAsynchronousCompletion, ClassSendStartUnit, ClassAcquireRemoveLockEx, ClassReleaseRemoveLock, ClassCompleteRequest, ClassDeviceControl
> hal.dll: KfRaiseIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, KeRaiseIrqlToDpcLevel, KfLowerIrql
> ntoskrnl.exe: IoSetHardErrorOrVerifyDevice, _allshr, MmLockPagableDataSection, KeDelayExecutionThread, _allmul, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, RtlGetVersion, KeInitializeSpinLock, MmUnlockPagableImageSection, RtlFreeUnicodeString, IoSetStartIoAttributes, strchr, memmove, _allshl, IoFreeWorkItem, IoReportTargetDeviceChangeAsynchronous, KeReleaseMutex, _aullshr, KeTickCount, ZwCreateKey, KeBugCheckEx, IoGetAttachedDeviceReference, ObfDereferenceObject, IoGetDriverObjectExtension, sprintf, IoAttachDeviceToDeviceStack, IoDeleteDevice, KeInitializeMutex, KeSetEvent, KeClearEvent, IoReuseIrp, KeInitializeEvent, IofCompleteRequest, KeEnterCriticalRegion, KeWaitForSingleObject, KeLeaveCriticalRegion, IoStartPacket, IoAllocateWorkItem, IoQueueWorkItem, RtlWriteRegistryValue, IoOpenDeviceRegistryKey, RtlQueryRegistryValues, ZwClose, swprintf, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, IoFreeMdl, IoFreeIrp, ExAllocatePoolWithTag, IoBuildAsynchronousFsdRequest, ExFreePoolWithTag, IofCallDriver, IoGetConfigurationInformation, IoWMIRegistrationControl, RtlInitUnicodeString, WmiQueryTraceInformation, WmiTraceMessage, IoAllocateDriverObjectExtension, IoStartNextPacket

( 0 exports )
TrID : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 1536:WxY6E/OU1rQzm/P174HlqV17EjmwzYVmcsdR:Wj/U1rQ6F74HQV7YYVmcsdR
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI CD-ROM Driver
original name: cdrom.sys
internal name: cdrom.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (Kaspersky): PE_Patch
RDS : NSRL Reference Data Set
-

OK jdu na další.....spywaretols

Ecinazuz · #29 Příspěvek od **Ecinazuz** » 24 dub 2010 21:02

fixnuto toto:

DAFT Log saved on 2010-04-24 21:59:42
-----------------------------------------------------------------------
.chm - chm.file - shell\open\command - "%SYSTEMROOT%\hh.exe" %1

opraveno v OTL:
========== FILES ==========
File\Folder C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe not found.

OTL by OldTimer - Version 3.2.2.0 log created on 04242010_220510

Ecinazuz · #30 Příspěvek od **Ecinazuz** » 24 dub 2010 21:12

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-24 22:08:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\agayqfog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

tvoří se další sken- ten dlouhý...vidíš něco????

VIRY.CZ

XP internet security- hází varovné hlášky- prosím o kontrolu

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont

Re: XP internet security- hází varovné hlášky- prosím o kont