OTL logfile created on: 7.11.2012 11:55:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jirka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
511,48 Mb Total Physical Memory | 132,67 Mb Available Physical Memory | 25,94% Memory free
1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 13,56 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 19,53 Gb Free Space | 43,19% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Jirka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.07 11:51:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTL.exe
PRC - [2012.10.24 08:04:59 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.04 19:59:54 | 000,069,632 | ---- | M] () -- C:\Program Files\LifeView DTV\RemoteControl.exe
========== Modules (No Company Name) ==========
MOD - [2012.10.24 08:04:57 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppgooglenaclpluginchrome.dll
MOD - [2012.10.24 08:04:55 | 012,435,992 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
MOD - [2012.10.24 08:04:54 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
MOD - [2012.10.24 08:03:25 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.96\avutil-51.dll
MOD - [2012.10.24 08:03:24 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.96\avformat-54.dll
MOD - [2012.10.24 08:03:23 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.96\avcodec-54.dll
MOD - [2008.04.14 07:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.01.11 10:19:40 | 000,090,112 | ---- | M] () -- C:\Program Files\LifeView DTV\LVDevMan.dll
MOD - [2006.09.04 19:59:54 | 000,069,632 | ---- | M] () -- C:\Program Files\LifeView DTV\RemoteControl.exe
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.11.05 08:17:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.04.14 08:40:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.01.31 12:47:02 | 000,834,816 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHybrid.sys -- (AVHybrid)
DRV - [2004.03.08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003.12.23 18:33:00 | 000,316,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce)
DRV - [2003.12.23 18:33:00 | 000,040,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax)
DRV - [2003.03.19 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002.11.27 20:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.seznam.cz/
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchT ... PB_enCZ353
IE - HKU\S-1-5-21-57989841-515967899-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "
http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons:
wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\
wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.07 08:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 21:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.04 18:01:56 | 000,000,000 | ---D | M]
[2009.11.15 15:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Extensions
[2012.11.05 11:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\nwa4dkd5.default\extensions
[2011.03.11 15:35:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\nwa4dkd5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.30 16:00:29 | 000,672,576 | ---- | M] () (No name found) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\nwa4dkd5.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
[2012.11.04 21:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.07 08:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.03 18:25:08 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.23 16:36:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - homepage:
http://www.seznam.cz/
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url =
http://websearch.ask.com/redirect?clien ... earchTerms}
CHR - default_search_provider: suggest_url =
http://ss.websearch.ask.com/query?qsrc= ... earchTerms}
CHR - homepage:
http://www.seznam.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Jirka\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.11.06 13:22:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-57989841-515967899-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-515967899-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DTVRemote] C:\Program Files\LifeView DTV\RemoteControl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-515967899-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78E0B08A-3CF4-4565-AF3C-53DFDDB13D31}: DhcpNameServer = 192.168.11.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.12 10:14:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.11.07 11:51:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTL.exe
[2012.11.07 09:30:53 | 004,997,488 | ---- | C] (Swearware) -- C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
[2012.11.07 08:49:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.11.07 08:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.07 08:21:52 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jirka\Plocha\aswclear.exe
[2012.11.06 13:28:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2012.11.06 13:25:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.11.06 13:09:57 | 000,000,000 | ---D | C] -- C:\cmdcons(3)
[2012.11.06 11:44:44 | 000,000,000 | ---D | C] -- C:\cmdcons(2)
[2012.11.06 11:38:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.11.06 11:24:35 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2012.11.06 09:45:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.06 09:41:08 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2012.11.06 09:38:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.11.05 11:38:08 | 000,000,000 | ---D | C] -- C:\_OTM
[2012.11.05 11:34:50 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTM.exe
[2012.11.05 08:14:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.11.05 08:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Data aplikací\Malwarebytes
[2012.11.05 08:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2012.11.05 07:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012.11.04 19:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.11.04 18:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Local Settings\Data aplikací\APN
[2012.11.04 18:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Local Settings\Data aplikací\AskToolbar
[2012.11.04 12:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.11.04 12:59:25 | 000,000,000 | ---D | C] -- C:\rsit
[2012.11.04 12:53:05 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.11.04 12:53:05 | 000,017,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.10.30 18:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Silverlight
[2012.10.30 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.30 17:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome
[2012.10.19 10:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Plocha\jizerka
[2009.11.29 17:39:38 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmwhnt.sys
[2009.11.29 17:39:37 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmserd.sys
[2009.11.29 17:39:36 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmmdm.sys
[2009.11.29 17:39:36 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmmdfl.sys
[2009.11.29 17:39:36 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmcr.sys
[2009.11.29 17:39:35 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmbus.sys
[2009.11.29 17:39:35 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Jirka\mqdmcmnt.sys
[2009.11.29 17:39:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jirka\usbsermptxp.sys
[2009.11.29 17:39:34 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jirka\usbsermpt.sys
========== Files - Modified Within 30 Days ==========
[2012.11.07 11:56:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.07 11:52:37 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\SystemLook.exe
[2012.11.07 11:51:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTL.exe
[2012.11.07 08:50:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.07 08:50:15 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 08:42:05 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.11.06 13:22:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.06 13:03:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.11.06 13:00:53 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2012.11.06 09:36:55 | 004,997,488 | ---- | M] (Swearware) -- C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
[2012.11.05 11:34:30 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTM.exe
[2012.11.05 08:17:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.11.04 21:41:48 | 000,540,977 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\adwcleaner.exe
[2012.11.04 14:18:47 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jirka\Plocha\aswclear.exe
[2012.11.04 12:58:51 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\RSIT.exe
[2012.11.04 12:51:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.30 18:08:39 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.10.30 17:39:57 | 096,814,416 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\avast_free_antivirus_setup.exe
[2012.10.30 17:06:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\Google Chrome.lnk
[2012.10.30 15:49:46 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.30 15:49:46 | 000,429,172 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.10.30 15:49:46 | 000,078,278 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.10.30 15:49:46 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.12 09:51:18 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.12 09:51:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.12 08:06:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2012.11.07 11:56:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.11.07 11:52:54 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\SystemLook.exe
[2012.11.07 08:50:15 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.06 11:44:49 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2012.11.06 10:11:23 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012.11.04 21:42:18 | 000,540,977 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\adwcleaner.exe
[2012.11.04 21:12:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.11.04 12:58:43 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\RSIT.exe
[2012.10.30 18:08:39 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.10.30 17:38:07 | 096,814,416 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\avast_free_antivirus_setup.exe
[2012.10.30 17:06:01 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\Google Chrome.lnk
[2012.02.23 16:22:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.09.15 08:03:08 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Jirka\Data aplikací\mdbu.bin
[2009.11.29 17:39:35 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Jirka\MCCI_MDM.INF
[2009.11.29 17:39:35 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Jirka\USB_MOT_BRIT.INF
[2009.11.29 17:39:35 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Jirka\MCCI_BUS.INF
[2009.11.29 17:39:35 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Jirka\MCCI_SDM.INF
[2009.11.29 17:39:34 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Jirka\USBMOT2000.INF
[2009.11.29 17:39:34 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Jirka\USBMOT2000XP.INF
[2009.11.29 17:39:34 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Jirka\USB_MOT_A1000.INF
[2009.11.29 17:39:34 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Jirka\USB_CMCS_2000.INF
[2009.11.16 22:35:28 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jirka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.13 17:55:17 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
========== ZeroAccess Check ==========
[2010.12.13 21:21:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 06:37:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.11.07 08:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2009.11.29 15:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2010.09.15 08:29:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.09.15 21:35:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
[2010.09.16 08:46:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
[2009.11.29 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\page
[2009.11.29 15:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Ashampoo
[2010.09.16 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Canon
[2010.09.15 08:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Canon Easy-WebPrint EX
[2009.11.15 15:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\GHISLER
[2011.10.26 10:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Happy Foto
[2009.12.26 11:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\OLYMPUS
[2009.12.06 22:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\OpenOffice.org
[2011.10.26 09:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\XnView
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.11.12 10:12:37 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.11.12 10:19:55 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
< >
< MD5 for: AGP440.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\IP1500\*.tmp files -> C:\WINDOWS\IP1500\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.11.15 15:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Adobe
[2009.11.25 10:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Apple Computer
[2009.11.29 15:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Ashampoo
[2010.09.16 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Canon
[2010.09.15 08:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Canon Easy-WebPrint EX
[2009.11.12 15:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\ESTsoft
[2009.11.15 15:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\GHISLER
[2009.11.12 15:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Google
[2011.10.26 10:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Happy Foto
[2009.11.22 13:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Help
[2009.11.12 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Identities
[2009.11.15 15:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Macromedia
[2012.11.05 08:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Malwarebytes
[2012.01.03 12:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Media Player Classic
[2010.12.09 11:55:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jirka\Data aplikací\Microsoft
[2009.11.15 15:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla
[2009.11.29 13:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Nero
[2009.12.26 11:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\OLYMPUS
[2009.12.06 22:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\OpenOffice.org
[2010.06.29 19:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Sun
[2011.10.26 09:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\XnView
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2002.01.01 02:37:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2002.01.01 02:37:29 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2002.01.01 02:37:29 | 000,487,424 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
[2012.11.05 08:17:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< %systemroot%\system32\*.* /3 >
[2012.11.07 08:42:05 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2012.11.06 13:03:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2012.11.04 18:02:27 | 000,004,078 | ---- | M] () -- C:\WINDOWS\system32\jupdate-1.7.0_09-b05.log
[2012.11.04 20:56:59 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[2012.11.04 12:51:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.11.07 11:56:56 | 000,000,512 | ---- | M] () MD5=C809170658D30C30185FD0E87F7A9DE4 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2010.02.21 09:13:28 | 001,058,916 | ---- | M] () -- \Documents and Settings\Jirka\Local Settings\Data aplikací\MyAshampoo\Rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
[2010.02.21 09:13:29 | 000,011,388 | ---- | M] () -- \Documents and Settings\Jirka\Local Settings\Data aplikací\MyAshampoo\Rss\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
[2012.06.19 10:47:37 | 144,618,012 | ---- | M] () -- \Documents and Settings\Jirka\Plocha\WGA crack.zip
[2010.05.27 09:23:26 | 000,000,819 | ---- | M] () -- \Documents and Settings\Jirka\Recent\WGA crack.lnk
< *keygen* /s >
< *loader* /s >
[2001.01.16 06:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7Debug\coloader.dll
[2001.01.16 04:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7Debug\coloader.tlb
[2008.10.05 14:17:34 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2008.10.04 23:00:58 | 000,015,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2008.10.05 15:02:04 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2008.10.04 16:50:10 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2008.10.04 22:22:34 | 000,003,871 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2006.04.18 05:51:06 | 000,007,944 | ---- | M] () -- \USB-Digital-TV-Receiver\bda_loader_225.cat
[2006.04.11 07:12:58 | 000,001,533 | ---- | M] () -- \USB-Digital-TV-Receiver\BDA_Loader_225.inf
[2006.04.11 07:32:26 | 000,018,816 | ---- | M] () -- \USB-Digital-TV-Receiver\BDA_Loader_225.sys
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons(2)\SERIAL.SY_
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons(3)\SERIAL.SY_
[2012.03.29 06:01:00 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll
[2012.10.30 18:16:07 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.06.19 09:52:09 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.12.19 18:12:56 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.20 08:17:44 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
[2012.05.20 08:22:37 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2008.07.25 07:08:04 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2001.10.25 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< End of report >
Kolegu jeste napadlo toto
Udelejte to opet v nouzovem rezimu
Přispějete na provoz fóra?