
Fixing problems after ave.exe, afraid to restart for now
Hello, I ran into problems with XP security tools, most likely from watching The Simpsons on some Russian website (snotri or something like that), mea maxima culpa... then it stayed on and kept starting up, etc., then, through the registry, it stopped launching exe files, but fortunately Chromium worked, although slowly, so I sorted it out somehow...
I looked up what others did about it, and I had no antivirus; I only clean with CCleaner and take care. Then I installed Avast (probably a dumb move) and dealt with a few small things there (I think moving or deleting cdrom.sys); I killed the process and also removed it from the registry by searching for ave.exe, BUT:
1. I don't know, though, whether in some case I deleted the whole line instead of deleting just the path to the malware; I'm now running Malwarebytes over it and have fixed something.
(edit: it occurs to me here that I also imported from a registry backup and deleted it in the registry again, so hopefully I found it that way and there is no empty line there, but who knows)
2. I don't know whether Avast got infected too; it once ran a scan after a restart, found something, and Windows fortunately booted; I want to uninstall it... and test with something proper...
3. Before I dive into it, I would like to do the maximum so that I don't risk the system failing to start, or the MBR table getting scrambled, etc., as I have also read in connection with ave and as I experienced during the last infection a year ago.
So please advise or help; so far it seems that some browsers don't work, but that is probably because a few svchost processes crashed...
mbam is also asking me for a restart, but before that I need to free up space and, to be safe, back up a lot of data, mainly burn the photos, right... hopefully that cdrom.sys, or whatever it was, isn't missing somewhere O:l
Peace
edit: ccleaner now reports that the program regedit.exe is not in system32, but that was the bad one, which I moved, or does one belong there?
Also, among the startup programs, running regedit32 got switched back on again, so I set it to NO again; can I delete it? There are more of them there, and I disabled the bad ones; now apparently only the ones that should have YES have it...
I would also like to remove the software's files; something is in that system32 directory, something like security I think, etc., but I don't know exactly and I don't want anything to be missing afterwards... thanks
Logfile of random's system information tool 1.06 (written by random/random)
Run by jaa at 2010-04-29 18:24:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 358 MB (7%) free of 5 GB
Total RAM: 1007 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:55, on 29.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
F:\f\opera964int\opera964int\op.com
C:\DOCUME~1\jaa\LOCALS~1\Temp\opera\opcache4\temporary_download\RSIT.exe
C:\Program Files\trend micro\jaa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=MP3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{137156CD-7D39-464F-9647-67F9F9AA6D48}: NameServer = 195.146.100.100,195.146.100.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{137156CD-7D39-464F-9647-67F9F9AA6D48}: NameServer = 195.146.100.100,195.146.100.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{137156CD-7D39-464F-9647-67F9F9AA6D48}: NameServer = 195.146.100.100,195.146.100.5
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4235 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-22 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-06 114688]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2002-12-25 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iasmapDraw]
C:\Documents and Settings\jaa\Local Settings\Data aplikací\iasmapDraw\iasmapDraw.dll, DllInit []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe [2003-02-28 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmlie64]
C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64\xmlie64.dll [2010-04-28 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jaa^Nabídka Start^Programy^Po spuštění^srvaju32.exe]
C:\Documents and Settings\jaa\Nabídka Start\Programy\Po spuštění\srvaju32.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"F:\blobby\volley.exe"="F:\blobby\volley.exe:*:Enabled:volley"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-04-29 18:24:34 ----D---- C:\Program Files\trend micro
2010-04-29 18:24:33 ----D---- C:\rsit
2010-04-28 20:02:31 ----D---- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
2010-04-28 20:02:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-28 20:02:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-28 13:45:21 ----D---- C:\WINDOWS\pss
2010-04-28 12:12:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-28 12:12:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-28 10:46:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\avG
======List of files/folders modified in the last 1 months======
2010-04-29 18:24:34 ----RD---- C:\Program Files
2010-04-29 18:24:16 ----D---- C:\WINDOWS\Prefetch
2010-04-29 18:14:00 ----D---- C:\WINDOWS\system32\drivers
2010-04-29 17:58:28 ----D---- C:\WINDOWS\Temp
2010-04-29 17:12:45 ----D---- C:\WINDOWS\system32
2010-04-29 16:59:23 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-04-28 19:07:44 ----D---- C:\WINDOWS\system32\config
2010-04-28 17:56:58 ----D---- C:\WINDOWS\Help
2010-04-28 15:39:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-28 15:38:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-28 15:34:46 ----D---- C:\WINDOWS
2010-04-28 12:17:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-28 12:13:10 ----SHD---- C:\WINDOWS\Installer
2010-04-28 12:13:08 ----D---- C:\WINDOWS\WinSxS
2010-04-28 12:13:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-28 12:12:19 ----D---- C:\Program Files\Alwil Software
2010-04-28 12:10:17 ----D---- C:\Documents and Settings\jaa\Data aplikací\vlc
2010-04-28 10:46:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-14 09:34:40 ----D---- C:\Documents and Settings\jaa\Data aplikací\Facebook
2010-04-14 05:11:47 ----D---- C:\UK Bass Radio - 128k
2010-04-13 02:54:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-01-31 90416]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-23 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-23 78752]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-04-23 33335]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-01-10 98912]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-12-12 99577]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-04-23 90907]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-01-28 541376]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-07-28 9856]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\system32\DRIVERS\wlluc48.sys [2004-08-04 154624]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-03-13 49152]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-22 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-22 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Last edited by cestmir on 29 Apr 2010 18:25, edited 1 time in total.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: fixing problems after ave.exe, afraid to restart for now
Hello,
Could I see the MBAM log (deleted items)?
Next time, I don't recommend deleting anything in MBAM before the log has been checked.
Download OTL http://oldtimer.geekstogo.com/OTL.exe

- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Check the "All users" option.
- Check the "LOP" malware check and "Purity" malware check options.
- Click the Scan button.
- When it finishes, post the OTL.Txt and Extras.txt logs here.
Re: fixing problems after ave.exe, afraid to restart for now
Hello, and thanks for the help.
When I clicked delete, the problem fixes itself from bad to good, right? I left a few of them there to be safe and changed them manually in regedit...
The first was: Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org
Verze databáze: 4051
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
29.4.2010 17:52:15
mbam-log-2010-04-29 (17-52-15).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 126828
Uplynulý čas: 22 minuta(y), 45 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
Hello, and THANKS FOR THE HELP.
The first is Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org
Verze databáze: 4047
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
29.4.2010 16:58:27
mbam-log-2010-04-29 (16-58-27).txt
Typ skenu: Rychlý sken
Skenované objekty: 101262
Uplynulý čas: 7 minuta(y), 5 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 10
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\jaa\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\jaa\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> No action taken.
The second:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
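The logs pasted in the post above are easier to review once reduced to structured findings. The following is an added example, not part of the original thread and not Malwarebytes code: a Python parser for the three line shapes visible in those logs, which also compares each section's summary count with the number of entries actually pasted. The function names and the last sample line are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the Czech-localized log in the post,
# plus one made-up file line (the last one) showing an item that was handled.
# The summary announces 4 registry data items but only 2 are pasted, the kind
# of gap left when a log is cut or interleaved in a forum post.
SAMPLE_LOG = r"""
Skenované objekty: 101262
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 2
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> No action taken.
C:\Constructed Sample (x86)\example.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<section>: <number>" lines from the summary block at the top of a log.
SUMMARY = re.compile(r"^(?P<section>[^:]+): (?P<count>\d+)$")
# "<section>:" lines that open a list of findings.
HEADER = re.compile(r"^(?P<section>[^:]+):$")
# "<path or key> (<detection>) -> [Bad: (x) Good: (y) -> ]<action>."
# The target is matched lazily because paths and value names may themselves
# contain parentheses, e.g. "\(default)".
ITEM = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (findings, mismatches) for one pasted scan log.

    findings   -- list of dicts: section, target, detection, bad, good,
                  action, pending (True while the log says nothing was done)
    mismatches -- {section: (count in summary, entries found)} for every
                  section whose list is present but does not match its count
    """
    expected, findings, seen, section = {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        item = ITEM.match(line)
        if item and section is not None:
            entry = item.groupdict()
            entry["section"] = section
            entry["pending"] = entry["action"].lower() == "no action taken"
            findings.append(entry)
            continue
        summary = SUMMARY.match(line)
        if summary:
            expected[summary["section"]] = int(summary["count"])
            continue
        header = HEADER.match(line)
        if header:
            section = header["section"]
            seen.append(section)
        # Anything else (banner, "nothing found" notes, forum prose) is ignored.
    found = Counter(entry["section"] for entry in findings)
    mismatches = {
        name: (expected[name], found[name])
        for name in seen
        if name in expected and expected[name] != found[name]
    }
    return findings, mismatches


def pending_items(findings):
    """Findings the scanner reported but did not act on."""
    return [entry for entry in findings if entry["pending"]]


if __name__ == "__main__":
    parsed, gaps = parse_mbam_log(SAMPLE_LOG)
    for entry in pending_items(parsed):
        change = ""
        if entry["bad"] is not None:
            change = f"  [{entry['bad']} -> {entry['good']}]"
        print(f"PENDING {entry['detection']}: {entry['target']}{change}")
    for name, (want, got) in gaps.items():
        print(f"INCOMPLETE {name}: summary says {want}, log lists {got}")
```

A non-empty `mismatches` result means the pasted log is incomplete and should be requested again before anything is removed on the basis of it.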
- Caroprd111
Re: fixing problems after ave.exe, afraid to restart for now
You can delete everything MBAM found. Then post the OTL log.
Re: fixing problems after ave.exe, afraid to restart for now
btw I don't have that cdrom.sys here, I guess it will need to be put back, right? How do I recognize the right one? I suppose they're all the same and it comes from the XP install, or is it overwritten by the notebook's drivers? Thanks
- Caroprd111
Re: fixing problems after ave.exe, afraid to restart for now
I'll restore it for you later. I'm waiting for the OTL log.
Re: fixing problems after ave.exe, afraid to restart for now
now I'm looking in CC and it has been set to Yes again under run at startup; what about what I wrote above? There should be only one regedit, in the Windows dir, right?
can I kill the OTL process? I didn't tick it and it's running... and we're waiting..
- Caroprd111
Re: fixing problems after ave.exe, afraid to restart for now
In that location it is a virus; I'll delete it via OTL. Leave OTL running.
Re: fixing problems after ave.exe, afraid to restart for now
oh, and one more thing: for about an hour I've had a window here saying svchost terminated etc., but I don't want to click OK so that it doesn't restart, as it sometimes does when I kill that process... hopefully it has no effect; avast seems to be running, and the net via Opera USB too...
- Caroprd111
Re: fixing problems after ave.exe, afraid to restart for now
Don't click on anything; I'll wait for the OTL log.
Re: fixing problems after ave.exe, afraid to restart for now
for now without those 3 checkboxes ticked:
OTL logfile created on: 29.4.2010 20:13:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.05.26 14:25:07 | 000,099,328 | ---- | M] (Opera Software) -- F:\f\opera964int\opera964int\op.com
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ==========
MOD - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.07.28 13:37:43 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004.08.04 00:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2003.04.23 03:10:12 | 000,033,335 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003.01.31 10:45:56 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2002.12.12 17:41:48 | 000,099,577 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=MP3
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009.07.22 00:27:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010.04.29 20:11:11 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.29 18:24:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.29 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org_files
[2010.04.28 20:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2010.04.28 20:02:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.28 20:02:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.28 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.28 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
[2010.04.28 13:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.28 12:13:34 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.28 12:13:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.28 12:13:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.28 12:13:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.28 12:13:29 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.28 12:13:29 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.28 12:13:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.28 12:12:47 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.28 12:12:47 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.28 12:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\avG
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.04 10:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\DCIM
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.29 18:40:06 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:19 | 000,176,758 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:55:41 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:47 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 15:26:28 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 13:53:33 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 13:37:46 | 000,221,184 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 13:37:46 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 12:13:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 10:44:43 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.27 17:37:54 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.25 09:14:51 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:34 | 000,029,778 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.14 09:33:07 | 000,166,075 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:06 | 000,112,375 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:05 | 000,129,003 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:23 | 000,853,305 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.07 10:52:33 | 000,005,008 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[2010.02.05 05:57:00 | 000,000,737 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2009.09.30 18:22:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.07.22 07:03:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009.07.22 01:14:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999.08.12 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999.08.12 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2009.07.28 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.09 05:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Boss Media
[2009.10.05 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.08.24 21:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2009.07.22 03:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Adobe
[2010.03.20 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\dvdcss
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Help
[2009.07.22 00:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Identities
[2009.07.22 03:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Macromedia
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2009.10.23 02:09:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Data aplikací\Microsoft
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
[2009.07.22 22:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Sun
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2009.07.29 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Winamp
[2009.07.24 07:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.04.14 09:34:44 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\jaa\Data aplikací\Facebook\uninstall.exe
[2009.07.22 03:18:27 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\jaa\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.07.22 02:12:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.22 02:12:05 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.22 02:12:05 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ibgeg.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncikh.sys
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncmtro.sys
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\opsxds.sys
< %systemroot%\system32\*.* /3 >
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jaa\Plocha\Zobrazit plochu.scf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:63238B95
< End of report >
OTL Extras logfile created on: 29.4.2010 20:13:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE" = C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2 -- (Rainbow Multimedia Group, Inc)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\blobby\volley.exe" = F:\blobby\volley.exe:*:Enabled:volley -- ()
"C:\QIP Infium JadrisPack\infium.exe" = C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}" = ACDSee 6.0 PowerPack
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Motocross Madness 2" = Microsoft Motocross Madness 2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QIP Infium JadrisPack 2.4.5 (9030)" = QIP Infium JadrisPack 2.4.5 (9030)
"Reflex" = Reflex
"Streamripper" = Streamripper (Remove only)
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2010 17:33:31 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 18.3.2010 17:38:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c7dad.
Error - 18.3.2010 17:38:35 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 22.3.2010 7:19:36 | Computer Name = JAA-640B4911AAE | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace XLVIEW.EXE, verze 11.0.6412.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 22.3.2010 9:56:01 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.2180, adresa chyby 0x00067bea.
Error - 23.3.2010 12:38:36 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, chybující modul
opera.dll, verze 9.64.10487.0, adresa chyby 0x0014b76a.
Error - 23.3.2010 13:16:48 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:17:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:18:20 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:23:16 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
[ System Events ]
Error - 28.4.2010 9:40:58 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 9:44:47 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7023
Description = Služba Prohledávání počítačů byla ukončena s následující chybou: %%1460
Error - 28.4.2010 9:50:48 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Antivirus byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Mail Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Web Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
< End of report >
OTL logfile created on: 29.4.2010 20:13:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.05.26 14:25:07 | 000,099,328 | ---- | M] (Opera Software) -- F:\f\opera964int\opera964int\op.com
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ==========
MOD - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.07.28 13:37:43 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004.08.04 00:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2003.04.23 03:10:12 | 000,033,335 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003.01.31 10:45:56 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2002.12.12 17:41:48 | 000,099,577 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=MP3
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009.07.22 00:27:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010.04.29 20:11:11 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.29 18:24:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.29 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org_files
[2010.04.28 20:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2010.04.28 20:02:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.28 20:02:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.28 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.28 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
[2010.04.28 13:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.28 12:13:34 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.28 12:13:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.28 12:13:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.28 12:13:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.28 12:13:29 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.28 12:13:29 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.28 12:13:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.28 12:12:47 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.28 12:12:47 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.28 12:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\avG
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.04 10:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\DCIM
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.29 18:40:06 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:19 | 000,176,758 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:55:41 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:47 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 15:26:28 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 13:53:33 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 13:37:46 | 000,221,184 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 13:37:46 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 12:13:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 10:44:43 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.27 17:37:54 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.25 09:14:51 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:34 | 000,029,778 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.14 09:33:07 | 000,166,075 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:06 | 000,112,375 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:05 | 000,129,003 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:23 | 000,853,305 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.07 10:52:33 | 000,005,008 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[2010.02.05 05:57:00 | 000,000,737 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2009.09.30 18:22:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.07.22 07:03:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009.07.22 01:14:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999.08.12 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999.08.12 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2009.07.28 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.09 05:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Boss Media
[2009.10.05 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.08.24 21:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2009.07.22 03:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Adobe
[2010.03.20 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\dvdcss
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Help
[2009.07.22 00:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Identities
[2009.07.22 03:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Macromedia
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2009.10.23 02:09:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Data aplikací\Microsoft
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
[2009.07.22 22:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Sun
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2009.07.29 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Winamp
[2009.07.24 07:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.04.14 09:34:44 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\jaa\Data aplikací\Facebook\uninstall.exe
[2009.07.22 03:18:27 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\jaa\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.07.22 02:12:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.22 02:12:05 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.22 02:12:05 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ibgeg.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncikh.sys
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncmtro.sys
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\opsxds.sys
< %systemroot%\system32\*.* /3 >
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jaa\Plocha\Zobrazit plochu.scf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:63238B95
< End of report >
OTL Extras logfile created on: 29.4.2010 20:13:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE" = C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2 -- (Rainbow Multimedia Group, Inc)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\blobby\volley.exe" = F:\blobby\volley.exe:*:Enabled:volley -- ()
"C:\QIP Infium JadrisPack\infium.exe" = C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}" = ACDSee 6.0 PowerPack
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Motocross Madness 2" = Microsoft Motocross Madness 2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QIP Infium JadrisPack 2.4.5 (9030)" = QIP Infium JadrisPack 2.4.5 (9030)
"Reflex" = Reflex
"Streamripper" = Streamripper (Remove only)
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2010 17:33:31 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 18.3.2010 17:38:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c7dad.
Error - 18.3.2010 17:38:35 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 22.3.2010 7:19:36 | Computer Name = JAA-640B4911AAE | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace XLVIEW.EXE, verze 11.0.6412.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 22.3.2010 9:56:01 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.2180, adresa chyby 0x00067bea.
Error - 23.3.2010 12:38:36 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, chybující modul
opera.dll, verze 9.64.10487.0, adresa chyby 0x0014b76a.
Error - 23.3.2010 13:16:48 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:17:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:18:20 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:23:16 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
[ System Events ]
Error - 28.4.2010 9:40:58 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 9:44:47 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7023
Description = Služba Prohledávání počítačů byla ukončena s následující chybou: %%1460
Error - 28.4.2010 9:50:48 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Antivirus byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Mail Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Web Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
< End of report >
Re: fixing problems after ave.exe, afraid to restart for now
OTL closed and produced two more logs. Are these already with the option checked, or should I do it again? Thanks
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE" = C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2 -- (Rainbow Multimedia Group, Inc)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\blobby\volley.exe" = F:\blobby\volley.exe:*:Enabled:volley -- ()
"C:\QIP Infium JadrisPack\infium.exe" = C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}" = ACDSee 6.0 PowerPack
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Motocross Madness 2" = Microsoft Motocross Madness 2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QIP Infium JadrisPack 2.4.5 (9030)" = QIP Infium JadrisPack 2.4.5 (9030)
"Reflex" = Reflex
"Streamripper" = Streamripper (Remove only)
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2010 17:33:31 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 18.3.2010 17:38:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c7dad.
Error - 18.3.2010 17:38:35 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 22.3.2010 7:19:36 | Computer Name = JAA-640B4911AAE | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace XLVIEW.EXE, verze 11.0.6412.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 22.3.2010 9:56:01 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.2180, adresa chyby 0x00067bea.
Error - 23.3.2010 12:38:36 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, chybující modul
opera.dll, verze 9.64.10487.0, adresa chyby 0x0014b76a.
Error - 23.3.2010 13:16:48 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:17:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:18:20 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:23:16 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
[ System Events ]
Error - 28.4.2010 9:40:58 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 9:44:47 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7023
Description = Služba Prohledávání počítačů byla ukončena s následující chybou: %%1460
Error - 28.4.2010 9:50:48 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Antivirus byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Mail Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Web Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
< End of report >
OTL Extras logfile created on: 29.4.2010 20:13:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE" = C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2 -- (Rainbow Multimedia Group, Inc)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\blobby\volley.exe" = F:\blobby\volley.exe:*:Enabled:volley -- ()
"C:\QIP Infium JadrisPack\infium.exe" = C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}" = ACDSee 6.0 PowerPack
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Motocross Madness 2" = Microsoft Motocross Madness 2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QIP Infium JadrisPack 2.4.5 (9030)" = QIP Infium JadrisPack 2.4.5 (9030)
"Reflex" = Reflex
"Streamripper" = Streamripper (Remove only)
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2010 17:33:31 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 18.3.2010 17:38:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c7dad.
Error - 18.3.2010 17:38:35 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace gta_sa.exe, verze 0.0.0.0, chybující modul gta_sa.exe,
verze 0.0.0.0, adresa chyby 0x000c9a8f.
Error - 22.3.2010 7:19:36 | Computer Name = JAA-640B4911AAE | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace XLVIEW.EXE, verze 11.0.6412.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 22.3.2010 9:56:01 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.2180, adresa chyby 0x00067bea.
Error - 23.3.2010 12:38:36 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.64.10487.0, chybující modul
opera.dll, verze 9.64.10487.0, adresa chyby 0x0014b76a.
Error - 23.3.2010 13:16:48 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:17:25 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:18:20 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
Error - 23.3.2010 13:23:16 | Computer Name = JAA-640B4911AAE | Source = Application Error | ID = 1000
Description = Chybující aplikace xmledi~1.exe, verze 3.0.2.1, chybující modul xmledi~1.exe,
verze 3.0.2.1, adresa chyby 0x000138ba.
[ System Events ]
Error - 28.4.2010 9:40:58 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 9:44:47 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7023
Description = Služba Prohledávání počítačů byla ukončena s následující chybou: %%1460
Error - 28.4.2010 9:50:48 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Antivirus byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Mail Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:09:03 | Computer Name = JAA-640B4911AAE | Source = Service Control Manager | ID = 7034
Description = Služba avast! Web Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 28.4.2010 15:15:07 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 29.4.2010 8:05:20 | Computer Name = JAA-640B4911AAE | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
< End of report >
Re: fixing problems after ave.exe, afraid to restart for now
OTL logfile created on: 29.4.2010 20:13:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.05.26 14:25:07 | 000,099,328 | ---- | M] (Opera Software) -- F:\f\opera964int\opera964int\op.com
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ==========
MOD - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.07.28 13:37:43 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004.08.04 00:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2003.04.23 03:10:12 | 000,033,335 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003.01.31 10:45:56 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2002.12.12 17:41:48 | 000,099,577 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=MP3
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009.07.22 00:27:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010.04.29 20:11:11 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.29 18:24:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.29 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org_files
[2010.04.28 20:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2010.04.28 20:02:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.28 20:02:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.28 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.28 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
[2010.04.28 13:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.28 12:13:34 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.28 12:13:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.28 12:13:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.28 12:13:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.28 12:13:29 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.28 12:13:29 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.28 12:13:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.28 12:12:47 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.28 12:12:47 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.28 12:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\avG
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.04 10:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\DCIM
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.29 18:40:06 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:19 | 000,176,758 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:55:41 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:47 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 15:26:28 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 13:53:33 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 13:37:46 | 000,221,184 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 13:37:46 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 12:13:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 10:44:43 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.27 17:37:54 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.25 09:14:51 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:34 | 000,029,778 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.14 09:33:07 | 000,166,075 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:06 | 000,112,375 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:05 | 000,129,003 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:23 | 000,853,305 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.07 10:52:33 | 000,005,008 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[2010.02.05 05:57:00 | 000,000,737 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2009.09.30 18:22:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.07.22 07:03:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009.07.22 01:14:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999.08.12 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999.08.12 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2009.07.28 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.09 05:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Boss Media
[2009.10.05 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.08.24 21:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2009.07.22 03:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Adobe
[2010.03.20 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\dvdcss
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Help
[2009.07.22 00:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Identities
[2009.07.22 03:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Macromedia
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2009.10.23 02:09:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Data aplikací\Microsoft
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
[2009.07.22 22:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Sun
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2009.07.29 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Winamp
[2009.07.24 07:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.04.14 09:34:44 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\jaa\Data aplikací\Facebook\uninstall.exe
[2009.07.22 03:18:27 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\jaa\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.07.22 02:12:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.22 02:12:05 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.22 02:12:05 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ibgeg.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncikh.sys
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncmtro.sys
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\opsxds.sys
< %systemroot%\system32\*.* /3 >
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jaa\Plocha\Zobrazit plochu.scf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:63238B95
< End of report >
[2010.04.29 20:26:07 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\jaa\ntuser.dat.LOG
[2010.04.29 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Plocha
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibgeg.sys
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 20:05:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\jaa\Recent
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\trend micro
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 18:10:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Cookies
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.29 16:58:53 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\jaa\Data aplikací
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2010.04.28 20:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 20:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Plocha
[2010.04.28 20:02:15 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Data aplikací
[2010.04.28 20:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:55:42 | 000,000,000 | R--D | M] -- C:\Documents and Settings\jaa\Dokumenty
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:34:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jaa\Šablony
[2010.04.28 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.28 12:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2010.04.28 10:46:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\avG
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.27 17:37:54 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibgeg.sys
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\jaa\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 007.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 31.00% Memory free
913.00 Mb Paging File | 252.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4.88 Gb Total Space | 0.39 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 0.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 22.61 Gb Total Space | 0.08 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 12.16 Mb Free Space | 1.25% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAA-640B4911AAE
Current User Name: jaa
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.05.26 14:25:07 | 000,099,328 | ---- | M] (Opera Software) -- F:\f\opera964int\opera964int\op.com
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ==========
MOD - [2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2003.03.13 13:44:22 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.07.28 13:37:43 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004.08.04 00:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2003.04.23 03:10:12 | 000,033,335 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003.01.31 10:45:56 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2002.12.12 17:41:48 | 000,099,577 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=MP3
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009.07.22 00:27:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010.04.29 20:11:11 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.29 18:24:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.29 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org_files
[2010.04.28 20:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2010.04.28 20:02:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.28 20:02:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.28 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.28 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
[2010.04.28 13:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.28 12:13:34 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.28 12:13:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.28 12:13:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.28 12:13:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.28 12:13:29 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.28 12:13:29 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.28 12:13:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.28 12:12:47 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.28 12:12:47 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.28 12:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\avG
[2010.04.28 10:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.04 10:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Plocha\DCIM
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.29 18:40:06 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:19 | 000,176,758 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:55:41 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:47 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,009,994 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 15:26:28 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 13:53:33 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 13:37:46 | 000,221,184 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 13:37:46 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 12:13:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 10:44:43 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.27 17:37:54 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.25 09:14:51 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:34 | 000,029,778 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.14 09:33:07 | 000,166,075 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:06 | 000,112,375 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:05 | 000,129,003 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:23 | 000,853,305 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | C] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.07 10:52:33 | 000,005,008 | ---- | C] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[2010.02.05 05:57:00 | 000,000,737 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2009.09.30 18:22:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.07.22 07:03:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009.07.22 01:14:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999.08.12 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999.08.12 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2009.07.28 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.09 05:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Boss Media
[2009.10.05 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.08.24 21:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2009.07.22 03:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Adobe
[2010.03.20 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\dvdcss
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Help
[2009.07.22 00:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Identities
[2009.07.22 03:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Macromedia
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2009.10.23 02:09:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Data aplikací\Microsoft
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
[2009.07.22 22:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Sun
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2009.07.29 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Winamp
[2009.07.24 07:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.04.14 09:34:44 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\jaa\Data aplikací\Facebook\uninstall.exe
[2009.07.22 03:18:27 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\jaa\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.07.22 02:12:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.22 02:12:05 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.22 02:12:05 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ibgeg.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncikh.sys
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncmtro.sys
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\opsxds.sys
< %systemroot%\system32\*.* /3 >
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jaa\Plocha\Zobrazit plochu.scf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:63238B95
< End of report >
[2010.04.29 20:26:07 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\jaa\ntuser.dat.LOG
[2010.04.29 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Plocha
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibgeg.sys
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 20:05:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\jaa\Recent
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\trend micro
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 18:10:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Cookies
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.29 16:58:53 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\jaa\Data aplikací
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2010.04.28 20:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 20:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Plocha
[2010.04.28 20:02:15 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Data aplikací
[2010.04.28 20:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:55:42 | 000,000,000 | R--D | M] -- C:\Documents and Settings\jaa\Dokumenty
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:34:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jaa\Šablony
[2010.04.28 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.28 12:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2010.04.28 10:46:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Microsoft
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\avG
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.27 17:37:54 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibgeg.sys
[2010.04.29 20:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaa\Plocha\OTL.exe
[2010.04.29 19:51:05 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\jaa\ntuser.dat
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncmtro.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ncikh.sys
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\opsxds.sys
[2010.04.28 20:02:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.28 17:56:04 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_175539.reg
[2010.04.28 17:40:53 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_174046.reg
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 17:13:12 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 6.0.lnk
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 15:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 15:38:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jaa\ntuser.ini
[2010.04.28 15:38:27 | 005,852,574 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\IconCache.db
[2010.04.28 15:26:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_152626.reg
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.28 13:53:34 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\cc_20100428_135329.reg
[2010.04.28 12:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.27 04:47:12 | 001,948,086 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010.04.25 09:14:52 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\stodolni128[1].aac.m3u
[2010.04.22 20:28:10 | 000,085,993 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\r145.rtf
[2010.04.19 09:27:56 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\Radio Stodolní.url
[2010.04.19 08:12:22 | 000,010,841 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\eatgreens.jpg
[2010.04.19 07:16:35 | 000,029,778 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image027.jpg
[2010.04.19 07:16:29 | 000,034,877 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\image026.jpg
[2010.04.19 03:20:35 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-256-ogg.pls
[2010.04.19 03:19:10 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3-192.asx
[2010.04.19 03:17:35 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_lowmp3.m3u
[2010.04.19 03:17:24 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3 (1).m3u
[2010.04.19 03:16:17 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\cro3_high.mp3.m3u
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.14 09:33:08 | 000,166,075 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3_resize.jpg
[2010.04.14 09:33:07 | 000,112,375 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2_resize.jpg
[2010.04.14 09:33:06 | 000,129,003 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1_resize.jpg
[2010.04.14 09:30:26 | 000,853,305 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX1.jpg
[2010.04.14 09:29:51 | 000,767,429 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX2.jpg
[2010.04.14 09:29:06 | 001,093,022 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\dubFX3.jpg
[2010.04.14 09:23:12 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 02:54:41 | 000,921,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 02:54:41 | 000,393,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 02:54:41 | 000,390,672 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 02:54:41 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 02:54:41 | 000,058,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.07 10:52:33 | 000,005,008 | ---- | M] () -- C:\Documents and Settings\jaa\Dokumenty\ml.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
Re: fixing problems after ave.exe, afraid to restart for now
========== LOP Check ==========
[2009.07.28 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.04.28 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.28 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.09 05:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Boss Media
[2009.10.05 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.08.24 21:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.28 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\ACD Systems
[2009.07.22 03:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Adobe
[2010.03.20 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\dvdcss
[2010.04.14 09:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Facebook
[2009.07.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Foxit
[2009.07.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Help
[2009.07.22 00:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Identities
[2009.07.22 03:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Macromedia
[2010.04.28 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
[2009.10.23 02:09:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jaa\Data aplikací\Microsoft
[2009.07.22 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Opera
[2009.07.23 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\streamripper
[2009.07.22 22:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Sun
[2010.04.28 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\vlc
[2009.07.29 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\Winamp
[2009.07.24 07:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaa\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.04.14 09:34:44 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\jaa\Data aplikací\Facebook\uninstall.exe
[2009.07.22 03:18:27 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\jaa\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.07.22 02:12:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.22 02:12:05 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.22 02:12:05 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ibgeg.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncikh.sys
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncmtro.sys
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\opsxds.sys
< %systemroot%\system32\*.* /3 >
[2010.04.28 12:13:30 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.04.28 15:02:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\QIP Infium JadrisPack\infium.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jaa\Plocha\Zobrazit plochu.scf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:63238B95
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: fixing problems after ave.exe, afraid to restart for now

Code:
:OTL
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O32 - Unable to open key or key not present!
O37 - HKU\S-1-5-21-1801674531-854245398-1343024091-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.04.29 17:02:22 | 000,176,758 | ---- | M] () -- C:\Documents and Settings\jaa\Plocha\How to remove ave.exe (ave.exe Removal) Malware Help. Org.htm
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\sWj5YKqA
[2010.04.28 17:37:01 | 000,009,994 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\sWj5YKqA
[2010.04.28 17:34:58 | 000,221,184 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\ave.exe
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\Nae6FtA
[2010.04.28 16:37:48 | 000,009,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Nae6FtA
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\1211944673
[2010.04.28 15:15:20 | 000,009,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1211944673
[2010.04.27 17:37:54 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
@Alternate Data Stream - 88 bytes -> C:\QIP Infium JadrisPack\infium.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jaa\Plocha\Zobrazit plochu.scf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:63238B95
[2010.04.29 20:25:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ibgeg.sys
[2010.04.29 18:14:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncikh.sys
[2010.04.29 18:40:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ncmtro.sys
[2010.04.29 16:59:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\opsxds.sys
[2010.04.28 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]