Please check my PC, it is slow. Nothing has been done with it for a long time. I am attaching the log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kalypso real at 2012-04-23 09:51:07
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 774 MB (4%) free of 20 GB
Total RAM: 1022 MB (3% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:24, on 23.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SynTPE.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
C:\Program Files\trend micro\Kalypso real.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SynTPE.exe] C:\Program Files\SynTPE.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/syst ... ysinfo.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KALYPS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
--
End of file - 7376 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA2.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA2.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPE.exe"=C:\Program Files\SynTPE.exe [2007-06-13 45056]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe [2011-11-24 247968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trust Gaming mouse]
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-03-10 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run VNC Server.lnk]
C:\Program Files\RealVNC\VNC4\winvnc4.exe -noconsole []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"E:\EA GAMES\SteamApps\lestat_avandgard\counter-strike source\hl2.exe"="E:\EA GAMES\SteamApps\lestat_avandgard\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"E:\EA GAMES\SteamApps\lestat_avandgard\half-life 2 deathmatch\hl2.exe"="E:\EA GAMES\SteamApps\lestat_avandgard\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ENABLE"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ENABLE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:ENABLE"
"E:\GAMESY\Launcher.exe"="E:\GAMESY\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.tscc"=tsccvid.dll
"msacm.lhacm"=lhacm.acm
"VIDC.ACDV"=ACDV.dll
======List of files/folders created in the last 1 month======
2012-04-11 18:11:17 ----D---- C:\WINDOWS\LastGood
======List of files/folders modified in the last 1 month======
2012-04-23 09:51:17 ----D---- C:\Program Files\trend micro
2012-04-23 09:51:14 ----D---- C:\WINDOWS\Prefetch
2012-04-23 09:41:21 ----D---- C:\Documents and Settings\Kalypso real\Application Data\Skype
2012-04-11 18:11:44 ----HD---- C:\WINDOWS\inf
2012-04-11 18:11:26 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-11 18:11:25 ----D---- C:\WINDOWS
2012-04-05 11:49:23 ----D---- C:\WINDOWS\system32
2012-04-05 11:49:22 ----D---- C:\Program Files\Opera
2012-04-05 11:46:40 ----D---- C:\WINDOWS\temp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-12-05 20640]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-07-15 721904]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-10-18 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2007-01-27 8048]
S3 catchme;catchme; \??\C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZSMC303;A4 TECH PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-04-05 63040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2007-07-16 99904]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Very slow PC
Re: Very slow PC
Hello, and have a nice day.
Is it just me, or are you not using any security software (antivirus)? Then it is no wonder that you have quite a solid collection of malware on there.
Free up disk space to at least 3 GB; the system is choking.
I recommend uninstalling the toolbars (browser bars), if you do not use them, in Add or Remove Programs.
Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
- If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator ("Spustit jako spravce")
- If you use a 64-bit OS, check whether the "For 64-bit OS" box is ticked; if not, tick it
- Tick the "For all users" box
- Tick the "LOP" malware check box
- Tick the "Purity" malware check box
- Change the file age from 30 days to 7 days
- Paste the script below into the bottom box, Custom Scans/Fixes
Code:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
- Click the Run Scan button
- When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both of them here
Re: Very slow PC
OTL logfile created on: 24.4.2012 16:28:39 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Kalypso real\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
1022,42 Mb Total Physical Memory | 411,54 Mb Available Physical Memory | 40,25% Memory free
2,40 Gb Paging File | 1,83 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,68 Gb Free Space | 3,46% Space Free | Partition Type: NTFS
Drive E: | 166,77 Gb Total Space | 137,74 Gb Free Space | 82,60% Space Free | Partition Type: NTFS
Computer Name: KALYPSO | User Name: Kalypso real | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
PRC - [2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
PRC - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.24 16:16:08 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.10.28 11:48:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.28 11:35:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.28 11:34:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.28 11:34:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.28 11:32:16 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.28 11:31:50 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
MOD - [2006.12.06 19:13:54 | 000,315,392 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2006.12.03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2001.07.31 12:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.24 16:16:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM303.sys -- (ZSMC303)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009.07.15 11:36:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.16 18:08:04 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2006.02.23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.02.23 05:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005.10.19 18:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.10.18 16:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.08.11 15:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2011.05.24 12:48:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-299502267-484763869-682003330-1004..\Run: [SynTPE.exe] C:\Program Files\SynTPE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/syst ... ysinfo.cab (SOESysInfo Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6C00A8-9CED-4C2B-B820-A756E0213F19}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/KALYPS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CSW -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.04.24 16:26:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:16:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2011.06.27 14:29:41 | 003,081,354 | ---- | C] (Autodesk) -- C:\Program Files\MGControl65.EXE
[2011.01.16 16:32:46 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
========== Files - Modified Within 7 Days ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:25:42 | 008,072,280 | ---- | M] () -- C:\WINDOWS\System32\lg.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.24 16:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.23 09:50:57 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
========== Files Created - No Company Name ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.24 16:16:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.23 09:50:56 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
[2012.02.16 21:15:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.24 12:40:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.24 12:40:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.03.14 11:49:13 | 068,138,099 | ---- | C] () -- C:\Program Files\Zoner Photo Studio Professional 12 (Sestavení 5) (12.0.1.5) CZ+KEY.rar
========== LOP Check ==========
[2009.06.04 09:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.11 09:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007.01.18 11:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006.12.18 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.11.29 11:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009.06.04 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.05 17:23:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.10.28 11:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.07.11 11:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.01.16 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.11.18 22:57:54 | 000,046,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\Elevator.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\ReaderUpdater.exe
[2011.06.06 22:45:23 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA1000000001}\setup.exe
[2005.03.08 20:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
[2005.08.26 07:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
[2011.11.28 12:40:40 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
< %APPDATA%\*. >
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2012.01.05 17:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Adobe
[2006.12.16 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\AdobeUM
[2006.12.15 17:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ahead
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.07.10 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\dvdcss
[2011.05.24 11:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Google
[2007.01.31 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Help
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2006.01.01 01:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Identities
[2007.10.03 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Joost
[2007.05.31 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Lavasoft
[2006.12.15 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Macromedia
[2009.06.04 13:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Malwarebytes
[2012.01.05 12:25:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kalypso real\Application Data\Microsoft
[2007.04.21 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Mozilla
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2012.04.24 16:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Skype
[2011.07.11 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\skypePM
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2007.01.26 13:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Sun
[2007.07.10 11:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\teamspeak2
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2010.02.05 12:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\U3
[2007.06.15 22:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ventrilo
[2007.04.13 19:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\vlc
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
< %APPDATA%\*.exe /s >
[2007.05.04 20:45:10 | 000,846,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller\msnauins.exe
[2006.08.15 11:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\cleanup.exe
[2006.10.04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\Launchpad Removal.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.15 11:36:52 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.01.01 02:12:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.01 02:12:07 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.01 02:12:07 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.04.24 16:35:51 | 008,079,252 | ---- | M] () -- C:\WINDOWS\system32\lg.dat
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.04.24 16:16:59 | 000,526,818 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SynTPE.exe" = C:\Program Files\SynTPE.exe -- [2007.06.13 06:15:34 | 000,045,056 | ---- | M] ()
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 02:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) MD5=CC7001E619906A0FF78C162A0A39D5B7 -- C:\Program Files\Opera\opera.exe
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () MD5=FBAF3C2CBF18FF8643C54C5601C5097A -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2009.06.04 10:12:38 | 000,000,478 | ---- | M] () -- \Documents and Settings\Administrator\Recent\Crack.lnk
[2012.04.24 16:26:12 | 000,001,079 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Application Data\MyAshampoo\Rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
< *keygen* /s >
< *loader* /s >
[2012.04.24 16:16:10 | 000,000,412 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\AdLoader[1].html
[2012.01.05 12:15:34 | 000,000,723 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\downloaderror[1].js
[2012.04.24 16:16:10 | 000,000,652 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\AdLoader[1].htm
[2012.01.05 12:15:32 | 000,007,900 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\bundleloader[1].js
[2012.03.27 16:12:45 | 000,010,364 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\AdLoader-31f86c1d55aec17be3f2a203a8e4fb19.min[2].js
[2012.01.05 12:15:34 | 000,001,174 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\downloader[1].js
[2005.06.07 13:25:46 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Kalypso real\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
1022,42 Mb Total Physical Memory | 411,54 Mb Available Physical Memory | 40,25% Memory free
2,40 Gb Paging File | 1,83 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,68 Gb Free Space | 3,46% Space Free | Partition Type: NTFS
Drive E: | 166,77 Gb Total Space | 137,74 Gb Free Space | 82,60% Space Free | Partition Type: NTFS
Computer Name: KALYPSO | User Name: Kalypso real | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
PRC - [2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
PRC - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.24 16:16:08 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.10.28 11:48:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.28 11:35:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.28 11:34:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.28 11:34:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.28 11:32:16 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.28 11:31:50 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
MOD - [2006.12.06 19:13:54 | 000,315,392 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2006.12.03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2001.07.31 12:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.24 16:16:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM303.sys -- (ZSMC303)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009.07.15 11:36:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.16 18:08:04 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2006.02.23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.02.23 05:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005.10.19 18:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.10.18 16:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.08.11 15:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2011.05.24 12:48:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-299502267-484763869-682003330-1004..\Run: [SynTPE.exe] C:\Program Files\SynTPE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/syst ... ysinfo.cab (SOESysInfo Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6C00A8-9CED-4C2B-B820-A756E0213F19}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/KALYPS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CSW -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.04.24 16:26:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:16:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2011.06.27 14:29:41 | 003,081,354 | ---- | C] (Autodesk) -- C:\Program Files\MGControl65.EXE
[2011.01.16 16:32:46 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
========== Files - Modified Within 7 Days ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:25:42 | 008,072,280 | ---- | M] () -- C:\WINDOWS\System32\lg.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.24 16:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.23 09:50:57 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
========== Files Created - No Company Name ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.24 16:16:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.23 09:50:56 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
[2012.02.16 21:15:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.24 12:40:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.24 12:40:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.03.14 11:49:13 | 068,138,099 | ---- | C] () -- C:\Program Files\Zoner Photo Studio Professional 12 (Sestavení 5) (12.0.1.5) CZ+KEY.rar
========== LOP Check ==========
[2009.06.04 09:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.11 09:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007.01.18 11:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006.12.18 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.11.29 11:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009.06.04 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.05 17:23:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.10.28 11:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.07.11 11:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.01.16 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.11.18 22:57:54 | 000,046,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\Elevator.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\ReaderUpdater.exe
[2011.06.06 22:45:23 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA1000000001}\setup.exe
[2005.03.08 20:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
[2005.08.26 07:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
[2011.11.28 12:40:40 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
< %APPDATA%\*. >
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2012.01.05 17:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Adobe
[2006.12.16 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\AdobeUM
[2006.12.15 17:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ahead
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.07.10 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\dvdcss
[2011.05.24 11:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Google
[2007.01.31 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Help
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2006.01.01 01:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Identities
[2007.10.03 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Joost
[2007.05.31 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Lavasoft
[2006.12.15 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Macromedia
[2009.06.04 13:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Malwarebytes
[2012.01.05 12:25:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kalypso real\Application Data\Microsoft
[2007.04.21 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Mozilla
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2012.04.24 16:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Skype
[2011.07.11 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\skypePM
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2007.01.26 13:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Sun
[2007.07.10 11:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\teamspeak2
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2010.02.05 12:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\U3
[2007.06.15 22:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ventrilo
[2007.04.13 19:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\vlc
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
< %APPDATA%\*.exe /s >
[2007.05.04 20:45:10 | 000,846,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller\msnauins.exe
[2006.08.15 11:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\cleanup.exe
[2006.10.04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\Launchpad Removal.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.15 11:36:52 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.01.01 02:12:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.01 02:12:07 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.01 02:12:07 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.04.24 16:35:51 | 008,079,252 | ---- | M] () -- C:\WINDOWS\system32\lg.dat
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.04.24 16:16:59 | 000,526,818 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SynTPE.exe" = C:\Program Files\SynTPE.exe -- [2007.06.13 06:15:34 | 000,045,056 | ---- | M] ()
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 02:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) MD5=CC7001E619906A0FF78C162A0A39D5B7 -- C:\Program Files\Opera\opera.exe
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () MD5=FBAF3C2CBF18FF8643C54C5601C5097A -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2009.06.04 10:12:38 | 000,000,478 | ---- | M] () -- \Documents and Settings\Administrator\Recent\Crack.lnk
[2012.04.24 16:26:12 | 000,001,079 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Application Data\MyAshampoo\Rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
< *keygen* /s >
< *loader* /s >
[2012.04.24 16:16:10 | 000,000,412 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\AdLoader[1].html
[2012.01.05 12:15:34 | 000,000,723 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\downloaderror[1].js
[2012.04.24 16:16:10 | 000,000,652 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\AdLoader[1].htm
[2012.01.05 12:15:32 | 000,007,900 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\bundleloader[1].js
[2012.03.27 16:12:45 | 000,010,364 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\AdLoader-31f86c1d55aec17be3f2a203a8e4fb19.min[2].js
[2012.01.05 12:15:34 | 000,001,174 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\downloader[1].js
[2005.06.07 13:25:46 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
Re: Very slow PC
OTL logfile created on: 24.4.2012 16:28:39 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Kalypso real\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
1022,42 Mb Total Physical Memory | 411,54 Mb Available Physical Memory | 40,25% Memory free
2,40 Gb Paging File | 1,83 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,68 Gb Free Space | 3,46% Space Free | Partition Type: NTFS
Drive E: | 166,77 Gb Total Space | 137,74 Gb Free Space | 82,60% Space Free | Partition Type: NTFS
Computer Name: KALYPSO | User Name: Kalypso real | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
PRC - [2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
PRC - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.24 16:16:08 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.10.28 11:48:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.28 11:35:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.28 11:34:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.28 11:34:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.28 11:32:16 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.28 11:31:50 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
MOD - [2006.12.06 19:13:54 | 000,315,392 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2006.12.03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2001.07.31 12:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.24 16:16:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM303.sys -- (ZSMC303)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009.07.15 11:36:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.16 18:08:04 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2006.02.23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.02.23 05:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005.10.19 18:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.10.18 16:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.08.11 15:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2011.05.24 12:48:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-299502267-484763869-682003330-1004..\Run: [SynTPE.exe] C:\Program Files\SynTPE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/syst ... ysinfo.cab (SOESysInfo Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6C00A8-9CED-4C2B-B820-A756E0213F19}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/KALYPS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CSW -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.04.24 16:26:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:16:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2011.06.27 14:29:41 | 003,081,354 | ---- | C] (Autodesk) -- C:\Program Files\MGControl65.EXE
[2011.01.16 16:32:46 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
========== Files - Modified Within 7 Days ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:25:42 | 008,072,280 | ---- | M] () -- C:\WINDOWS\System32\lg.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.24 16:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.23 09:50:57 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
========== Files Created - No Company Name ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.24 16:16:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.23 09:50:56 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
[2012.02.16 21:15:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.24 12:40:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.24 12:40:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.03.14 11:49:13 | 068,138,099 | ---- | C] () -- C:\Program Files\Zoner Photo Studio Professional 12 (Sestavení 5) (12.0.1.5) CZ+KEY.rar
========== LOP Check ==========
[2009.06.04 09:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.11 09:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007.01.18 11:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006.12.18 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.11.29 11:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009.06.04 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.05 17:23:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.10.28 11:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.07.11 11:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.01.16 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.11.18 22:57:54 | 000,046,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\Elevator.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\ReaderUpdater.exe
[2011.06.06 22:45:23 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA1000000001}\setup.exe
[2005.03.08 20:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
[2005.08.26 07:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
[2011.11.28 12:40:40 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
< %APPDATA%\*. >
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2012.01.05 17:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Adobe
[2006.12.16 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\AdobeUM
[2006.12.15 17:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ahead
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.07.10 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\dvdcss
[2011.05.24 11:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Google
[2007.01.31 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Help
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2006.01.01 01:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Identities
[2007.10.03 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Joost
[2007.05.31 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Lavasoft
[2006.12.15 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Macromedia
[2009.06.04 13:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Malwarebytes
[2012.01.05 12:25:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kalypso real\Application Data\Microsoft
[2007.04.21 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Mozilla
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2012.04.24 16:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Skype
[2011.07.11 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\skypePM
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2007.01.26 13:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Sun
[2007.07.10 11:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\teamspeak2
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2010.02.05 12:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\U3
[2007.06.15 22:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ventrilo
[2007.04.13 19:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\vlc
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
< %APPDATA%\*.exe /s >
[2007.05.04 20:45:10 | 000,846,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller\msnauins.exe
[2006.08.15 11:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\cleanup.exe
[2006.10.04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\Launchpad Removal.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.15 11:36:52 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.01.01 02:12:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.01 02:12:07 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.01 02:12:07 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.04.24 16:35:51 | 008,079,252 | ---- | M] () -- C:\WINDOWS\system32\lg.dat
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.04.24 16:16:59 | 000,526,818 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SynTPE.exe" = C:\Program Files\SynTPE.exe -- [2007.06.13 06:15:34 | 000,045,056 | ---- | M] ()
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 02:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) MD5=CC7001E619906A0FF78C162A0A39D5B7 -- C:\Program Files\Opera\opera.exe
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () MD5=FBAF3C2CBF18FF8643C54C5601C5097A -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2009.06.04 10:12:38 | 000,000,478 | ---- | M] () -- \Documents and Settings\Administrator\Recent\Crack.lnk
[2012.04.24 16:26:12 | 000,001,079 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Application Data\MyAshampoo\Rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
< *keygen* /s >
< *loader* /s >
[2012.04.24 16:16:10 | 000,000,412 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\AdLoader[1].html
[2012.01.05 12:15:34 | 000,000,723 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\downloaderror[1].js
[2012.04.24 16:16:10 | 000,000,652 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\AdLoader[1].htm
[2012.01.05 12:15:32 | 000,007,900 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\bundleloader[1].js
[2012.03.27 16:12:45 | 000,010,364 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\AdLoader-31f86c1d55aec17be3f2a203a8e4fb19.min[2].js
[2012.01.05 12:15:34 | 000,001,174 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\downloader[1].js
[2005.06.07 13:25:46 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Kalypso real\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
1022,42 Mb Total Physical Memory | 411,54 Mb Available Physical Memory | 40,25% Memory free
2,40 Gb Paging File | 1,83 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,68 Gb Free Space | 3,46% Space Free | Partition Type: NTFS
Drive E: | 166,77 Gb Total Space | 137,74 Gb Free Space | 82,60% Space Free | Partition Type: NTFS
Computer Name: KALYPSO | User Name: Kalypso real | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
PRC - [2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
PRC - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.24 16:16:08 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.10.28 11:48:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.28 11:35:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.28 11:34:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.28 11:34:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.28 11:32:16 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.28 11:31:50 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.06.13 06:15:34 | 000,045,056 | ---- | M] () -- C:\Program Files\SynTPE.exe
MOD - [2006.12.06 19:13:54 | 000,315,392 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2006.12.03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2001.07.31 12:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.24 16:16:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2005.10.18 16:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM303.sys -- (ZSMC303)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009.07.15 11:36:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.16 18:08:04 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2006.02.23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.02.23 05:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005.10.19 18:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.10.18 16:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.08.11 15:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2011.05.24 12:48:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-299502267-484763869-682003330-1004..\Run: [SynTPE.exe] C:\Program Files\SynTPE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/syst ... ysinfo.cab (SOESysInfo Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6C00A8-9CED-4C2B-B820-A756E0213F19}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/KALYPS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kalypso real\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.03.11 11:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CSW -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.04.24 16:26:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:16:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2011.06.27 14:29:41 | 003,081,354 | ---- | C] (Autodesk) -- C:\Program Files\MGControl65.EXE
[2011.01.16 16:32:46 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
========== Files - Modified Within 7 Days ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.24 16:26:51 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalypso real\Desktop\OTL.exe
[2012.04.24 16:25:42 | 008,072,280 | ---- | M] () -- C:\WINDOWS\System32\lg.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.24 16:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.23 09:50:57 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
========== Files Created - No Company Name ==========
[2012.04.24 16:30:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.24 16:16:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.23 09:50:56 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Kalypso real\Desktop\RSIT.exe
[2012.02.16 21:15:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.24 12:40:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.24 12:40:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.03.14 11:49:13 | 068,138,099 | ---- | C] () -- C:\Program Files\Zoner Photo Studio Professional 12 (Sestavení 5) (12.0.1.5) CZ+KEY.rar
========== LOP Check ==========
[2009.06.04 09:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.11.02 15:25:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.11 09:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007.01.18 11:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011.11.26 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007.03.29 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2007.01.29 14:43:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006.12.18 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.07.15 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.01.05 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.01.05 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.06.04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.11.29 11:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009.06.04 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.05 17:23:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.10.28 11:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.07.11 11:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2007.03.31 11:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.01.16 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.11.18 22:57:54 | 000,046,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\Elevator.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\22621\ReaderUpdater.exe
[2011.06.06 22:45:23 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA1000000001}\setup.exe
[2005.03.08 20:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
[2005.08.26 07:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
[2011.11.28 12:40:40 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
< %APPDATA%\*. >
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\1.0.0.0
[2007.09.14 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ACD Systems
[2012.01.05 17:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Adobe
[2006.12.16 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\AdobeUM
[2006.12.15 17:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ahead
[2011.11.26 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ashampoo
[2007.03.29 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Blueberry
[2011.11.10 12:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon
[2011.11.10 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Canon Easy-WebPrint EX
[2007.03.11 12:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\CÍGLER SOFTWARE, a.s
[2009.07.21 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\DAEMON Tools Lite
[2007.07.10 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\dvdcss
[2011.05.24 11:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Google
[2007.01.31 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Help
[2007.04.21 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[2006.12.16 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQLite
[2006.01.01 01:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Identities
[2007.10.03 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Joost
[2007.05.31 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Lavasoft
[2006.12.15 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Macromedia
[2009.06.04 13:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Malwarebytes
[2012.01.05 12:25:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kalypso real\Application Data\Microsoft
[2007.04.21 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Mozilla
[2007.06.06 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller
[2006.12.15 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Opera
[2011.03.23 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PDF reDirect
[2012.04.24 16:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\PriceGong
[2007.04.09 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\SecondLife
[2012.04.24 16:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Skype
[2011.07.11 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\skypePM
[2009.12.17 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Softland
[2007.01.26 13:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Sun
[2007.07.10 11:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\teamspeak2
[2009.07.15 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\TeamViewer
[2012.02.07 13:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\The Bat!
[2010.02.05 12:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\U3
[2007.06.15 22:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Ventrilo
[2007.04.13 19:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\vlc
[2011.03.14 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\Zoner
< %APPDATA%\*.exe /s >
[2007.05.04 20:45:10 | 000,846,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\MSNInstaller\msnauins.exe
[2006.08.15 11:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\cleanup.exe
[2006.10.04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Kalypso real\Application Data\U3\temp\Launchpad Removal.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.15 11:36:52 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.01.01 02:12:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.01 02:12:07 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.01 02:12:07 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.04.24 16:16:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012.04.24 16:16:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.04.24 16:35:51 | 008,079,252 | ---- | M] () -- C:\WINDOWS\system32\lg.dat
[2012.04.24 16:15:30 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2012.04.24 16:16:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.04.24 16:16:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.04.24 16:16:59 | 000,526,818 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.04.24 16:15:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
[2007.09.11 10:37:37 | 014,548,240 | ---- | M] (InstallShield Software Corporation) -- C:\freedwgviewer.exe
[2007.10.03 11:23:54 | 010,656,216 | ---- | M] () -- C:\JoostSetup-Beta-1.0.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SynTPE.exe" = C:\Program Files\SynTPE.exe -- [2007.06.13 06:15:34 | 000,045,056 | ---- | M] ()
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 02:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.03.05 16:04:30 | 000,949,104 | ---- | M] (Opera Software) MD5=CC7001E619906A0FF78C162A0A39D5B7 -- C:\Program Files\Opera\opera.exe
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.04.24 16:30:36 | 000,000,512 | ---- | M] () MD5=FBAF3C2CBF18FF8643C54C5601C5097A -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2009.06.04 10:12:38 | 000,000,478 | ---- | M] () -- \Documents and Settings\Administrator\Recent\Crack.lnk
[2012.04.24 16:26:12 | 000,001,079 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Application Data\MyAshampoo\Rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
< *keygen* /s >
< *loader* /s >
[2012.04.24 16:16:10 | 000,000,412 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\AdLoader[1].html
[2012.01.05 12:15:34 | 000,000,723 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\F4OXHDB7\downloaderror[1].js
[2012.04.24 16:16:10 | 000,000,652 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\AdLoader[1].htm
[2012.01.05 12:15:32 | 000,007,900 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\FKWJXXHS\bundleloader[1].js
[2012.03.27 16:12:45 | 000,010,364 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\AdLoader-31f86c1d55aec17be3f2a203a8e4fb19.min[2].js
[2012.01.05 12:15:34 | 000,001,174 | ---- | M] () -- \Documents and Settings\Kalypso real\Local Settings\Temporary Internet Files\Content.IE5\YDQ3CF41\downloader[1].js
[2005.06.07 13:25:46 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
Re: Very slow PC

- If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
- Paste the script below into the bottom box, Custom Scans/Fixes (Vlastni skenovani/opravy)
Code:
:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-299502267-484763869-682003330-1004\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
[2011.03.14 11:49:13 | 068,138,099 | ---- | C] () -- C:\Program Files\Zoner Photo Studio Professional 12 (Sestavení 5) (12.0.1.5) CZ+KEY.rar
[2009.06.04 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008.04.23 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\*.tmp -> ]
[2012.04.24 16:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"MSMSGS"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run VNC Server.lnk
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Then click Run Fix (Opravit)
- The PC will perform the fix, restart and give you a log; paste its contents here
- Visitor
- Posts: 4
- Registered: 23 Apr 2012 08:48
Re: Very slow PC
All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\KALYPS~1\LOCALS~1\Temp\catchme.sys not found.
HKU\S-1-5-21-299502267-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
C:\Program Files\MyAshampoo\prxtbMyA2.dll moved successfully.
HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Program Files\MyAshampoo\prxtbMyA2.dll not found.
Registry value HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-299502267-484763869-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
File C:\Program Files\MyAshampoo\prxtbMyA2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File C:\Program Files\Zoner Photo Studio Professional 12 (Sestavení 5) (12.0.1.5) CZ+KEY.rar not found.
C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} folder moved successfully.
C:\Documents and Settings\Kalypso real\Application Data\ICQ Toolbar folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP152.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP154.tmp\System.Core.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP154.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP237.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP268.tmp\ReachFramework.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP268.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31FA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP352.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP445.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP51B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP549.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP56E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8B8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C7.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI14.tmp deleted successfully.
C:\WINDOWS\Installer\MSI15.tmp deleted successfully.
C:\WINDOWS\Installer\MSI15E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI16.tmp deleted successfully.
C:\WINDOWS\Installer\MSI166.tmp deleted successfully.
C:\WINDOWS\Installer\MSI56.tmp deleted successfully.
C:\WINDOWS\Installer\MSI5F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI82.tmp deleted successfully.
C:\WINDOWS\Installer\MSI89.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBB.tmp deleted successfully.
C:\WINDOWS\Installer\MSIC6.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE5D.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE65.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\108d8644578af5af4333f94264679a7b\BIT15.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\1cd27d58453bc45b72c3cf357ec8c6ce\BITE.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\2dc74abc95c4d6cd6ee5e1abe0e7e256\BIT22.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\38f47e51c38a7a0ebc9c39dca1edd5a6\BIT13.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\c96fd9999dc8f96af6e0c593767c2c72\BIT30.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\ce3980e828a48318d40932bc7ed338ad\BIT32.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\ce5f0506e9ad054a6cd4c2a90b207e10\BIT5.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\d6d7b1f3cb291e4c7336512a511a9e58\BIT2F.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\daa4daae7e044164b6b67fd9bfc0934f\BIT1D.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\BITB.tmp deleted successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run VNC Server.ln\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
User: Administrator.KALYPSO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Kalypso real
->Temp folder emptied: 223111951 bytes
->Temporary Internet Files folder emptied: 76348114 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 31316928 bytes
->Flash cache emptied: 8216 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2906810 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13554930 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4923395024 bytes
Total Files Cleaned = 5 027,00 mb
[EMPTYFLASH]
User: Administrator
User: Administrator.KALYPSO
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Kalypso real
->Flash cache emptied: 0 bytes
User: LocalService
User: LogMeInRemoteUser
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.41.0 log created on 04242012_172049
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Re: Very slow PC

- Download and run
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix Issues - I recommend making the registry backup; fix all the issues
- repeat the procedure until no issues remain - usually about 3 times
- Here you can uninstall programs you do not need

- The simplest (but least effective) way is the utility built into Windows
- Click My Computer, then right-click the disk and choose Properties
- switch to the Tools tab
- You now see the Defragmentation tool - start it by clicking Defragment
- Do this for all disks
- Another option (and the one I recommend) is the small program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Download the program, install it (untick the Yahoo toolbar) and run it
- Click Analyze
- If the Fragmented column shows more than 5%, I recommend defragmenting (click Defragment)
- Repeat the procedure for all disks
- The last option is the simple little program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- The advantage of this program is that it does not need to be installed
- So just download the build for your OS version and unpack it
- Then run it using the JKDefrag file, or JKDefrag64
- The disk is analysed and then defragmented
